Difference between revisions of "OpenLDAP"

Active Directory LDAP Proxy

Purpose

To proxy secure LDAP requests from the internet to MS AD.

Commands

CentOS 7

On a clean install with epel-release installed (not needed, but it is part of my initial setup script)

yum -y install openldap openldap-servers
cat <<EOF >>/etc/openldap/slapd.conf

moduleload              back_ldap

include                 /etc/openldap/schema/core.schema
include                 /etc/openldap/schema/cosine.schema
include                 /etc/openldap/schema/nis.schema
include                 /etc/openldap/schema/inetorgperson.schema


pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args

sizelimit               unlimited

idletimeout             3600
writetimeout            600

database                ldap
suffix                  "dc=your,dc=tld"
uri                     "ldap://domaincontroller"
chase-referrals         no
idassert-bind           bindmethod=simple
                        mode=self
                        binddn="cn=binduser,ou=Users,DC=your,DC=tld"
                        credentials="password"

logfile                 /var/log/slapd.log
loglevel                1
EOF

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
systemctl enable slapd
systemctl start slapd
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload

When finished, you can query the OpenLDAP but must authenticate in the process. In this configuration it does not allow for anonymous binds, which is a good thing.

ldapsearch -v -x -h <openldap ip/FQDN> -D "cn=binduser,ou=Users,DC=your,DC=tld" -w password -b OU=Users,DC=your,DC=tld

Notes

• Interesting YouTube Video that covers everything except enabling TLS^[1]
• openLDAP as proxy to Active Directory as stated by SAMBA^[2]
• A guide by owncloud.org^[3]
• Possible howto on enabling TLS^[4]
• Here is someone that has already gone through the work for me. Will be working off of this how-to.^[5]