OpenLDAP
Revision as of 13:44, 2 March 2018 by Michael.mast (talk | contribs) (→Active Directory LDAP Proxy)
Active Directory LDAP Proxy
Purpose
To proxy secure LDAP requests from the internet to MS AD.
Commands
CentOS 7
On a clean install with epel-release installed (not needed, but it is part of my initial setup script)
yum -y install openldap openldap-servers cat <<EOF >>/etc/openldap/slapd.conf moduleload back_ldap include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args sizelimit unlimited idletimeout 3600 writetimeout 600 database ldap suffix "dc=your,dc=tld" uri "ldap://domaincontroller" chase-referrals no idassert-bind bindmethod=simple mode=self binddn="cn=binduser,ou=Users,DC=your,DC=tld" credentials="password" logfile /var/log/slapd.log loglevel 1 EOF slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ systemctl enable slapd systemctl start slapd firewall-cmd --permanent --add-service=ldap firewall-cmd --reload
When finished, you can query the OpenLDAP but must authenticate in the process. In this configuration it does not allow for anonymous binds, which is a good thing.
ldapsearch -v -x -h <openldap ip/FQDN> -D "cn=binduser,ou=Users,DC=your,DC=tld" -w password -b OU=Users,DC=your,DC=tld
Notes
- Interesting YouTube Video that covers everything except enabling TLS[1]
- openLDAP as proxy to Active Directory as stated by SAMBA[2]
- A guide by owncloud.org[3]
- Possible howto on enabling TLS[4]
- Here is someone that has already gone through the work for me. Will be working off of this how-to.[5]