OpenLDAP

From Michael's Information Zone

Active Directory LDAP Proxy

Purpose

To proxy secure LDAP requests from the internet to MS AD.

Commands

CentOS 7

Run on a clean install with epel-release installed (not needed, but it is part of my initial setup script).


# Install the OpenLDAP server; the back_ldap backend used below ships with openldap-servers
yum -y install openldap openldap-servers

# Write the proxy configuration in slapd.conf format. The delimiter is quoted so a
# bind password containing $ or backticks is written literally, not expanded by the shell.
cat <<'EOF' >>/etc/openldap/slapd.conf

moduleload              back_ldap

include                 /etc/openldap/schema/core.schema
include                 /etc/openldap/schema/cosine.schema
include                 /etc/openldap/schema/nis.schema
include                 /etc/openldap/schema/inetorgperson.schema

pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args

sizelimit               unlimited

idletimeout             3600
writetimeout            600

# Proxy database: every request under the suffix is forwarded to the domain controller
database                ldap
suffix                  "dc=your,dc=tld"
uri                     "ldap://domaincontroller"
# AD answers with referrals for other naming contexts; do not follow them
chase-referrals         no
# Service account the proxy uses when it binds to AD on behalf of its clients.
# Continuation lines must start with whitespace. Keep this file readable by root and ldap only.
idassert-bind           bindmethod=simple
                        mode=self
                        binddn="cn=binduser,ou=Users,DC=your,DC=tld"
                        credentials="password"

logfile                 /var/log/slapd.log
loglevel                1
EOF

# CentOS 7 ships a pre-populated slapd.d. slaptest only converts slapd.conf into an
# empty config directory, so clear it first, then hand the generated files to the
# user slapd runs as; otherwise slapd starts with the stock config or cannot read its own.
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap:ldap /etc/openldap/slapd.d/
systemctl enable slapd
systemctl start slapd
# The "ldap" firewalld service opens 389/tcp only; "ldaps" (636/tcp) is a separate
# service and needs TLS configured in slapd first (see the TLS how-to in the notes)
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload
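As an added example (my own audit script, not part of the original page or of OpenLDAP), a small Python check that parses the proxy's slapd.conf, including its whitespace-continued idassert-bind block, and reports the settings a reviewer would question before exposing the proxy to the internet: the plaintext ldap:// link to the domain controller, the bind password stored inline, the unlimited sizelimit and the trace loglevel. The embedded sample config is constructed from the listing above; host, DN and password are placeholders.

```python
import re
# Constructed sample mirroring the proxy config above; host, DN and password are placeholders.
SAMPLE_CONF = """\
moduleload              back_ldap
sizelimit               unlimited
loglevel                1
database                ldap
suffix                  "dc=your,dc=tld"
uri                     "ldap://domaincontroller"
chase-referrals         no
idassert-bind           bindmethod=simple
                        mode=self
                        binddn="cn=binduser,ou=Users,DC=your,DC=tld"
                        credentials="password"
"""

def parse_slapd_conf(text):
    """Return (directive, args) pairs. A line starting with whitespace continues
    the previous directive (how slapd.conf splits the multi-line idassert-bind
    above); blank lines and # comments are skipped."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:          # continuation line
            name, args = entries[-1]
            entries[-1] = (name, args + " " + raw.strip())
            continue
        parts = raw.split(None, 1)
        entries.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return entries

def audit_proxy_conf(text):
    """Return sorted finding codes for settings a reviewer should question."""
    entries = parse_slapd_conf(text)
    findings = set()
    # slapd-ldap(5): a 'tls start|propagate' (or try-) directive upgrades a ldap:// backend link.
    tls_upgraded = any(d == "tls" and a.split()[0] in ("start", "try-start", "propagate",
                       "try-propagate") for d, a in entries if a)
    for directive, args in entries:
        if directive == "uri" and "ldap://" in args and not tls_upgraded:
            findings.add("backend-uri-plaintext")   # DC bind and proxied queries in clear
        if directive == "idassert-bind" and re.search(r"credentials=\S+", args):
            findings.add("bind-password-inline")    # secret lives in slapd.conf text
        if directive == "sizelimit" and args == "unlimited":
            findings.add("sizelimit-unlimited")     # a single search can dump the tree
        if directive == "loglevel" and args not in ("0", "none", "256", "stats"):
            findings.add("verbose-loglevel")        # trace logging records DNs and ops
    return sorted(findings)
```

Run it against the real file with `audit_proxy_conf(open("/etc/openldap/slapd.conf").read())`; an empty list means none of the four conditions were found.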

Notes

  • Interesting YouTube video that covers everything except enabling TLS[1]
  • OpenLDAP as proxy to Active Directory, as described by the Samba project[2]
  • A guide by owncloud.org[3]
  • Possible how-to on enabling TLS[4]
  • Here is someone that has already gone through the work for me. Will be working off of this how-to.[5]

References

  1. https://www.youtube.com/watch?v=bp8ffdY7Mu4
  2. https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD
  3. https://doc.owncloud.org/server/10.0/admin_manual/configuration/ldap/ldap_proxy_cache_server_setup.html
  4. https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
  5. https://howdoilinux.com/2015/05/openldap-to-active-directory-proxy-configuration/