OpenLDAP
Active Directory LDAP Proxy
Purpose
To proxy secure LDAP requests from the internet to MS AD.
Commands
CentOS 7
On a clean install with epel-release installed (not needed, but it is part of my initial setup script)
```
yum -y install openldap openldap-servers

cat <<EOF >>/etc/openldap/slapd.conf
moduleload back_ldap
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sizelimit unlimited
idletimeout 3600
writetimeout 600
database ldap
suffix "dc=your,dc=tld"
uri "ldap://domaincontroller"
chase-referrals no
idassert-bind bindmethod=simple mode=self binddn="cn=binduser,ou=Users,DC=your,DC=tld" credentials="password"
logfile /var/log/slapd.log
loglevel 1
EOF

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
systemctl enable slapd
systemctl start slapd
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload
```
When finished, you can query OpenLDAP, but you must authenticate to do so: with `idassert-bind mode=self` the proxy passes each client's own bind through to AD, and this configuration does not allow anonymous binds, which is a good thing.

```
ldapsearch -v -x -h <openldap ip/FQDN> -D "cn=binduser,ou=Users,DC=your,DC=tld" -w password -b OU=Users,DC=your,DC=tld
```
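The slapd.conf above stores the AD bind password in clear text and is what decides whether anonymous binds get through, so it is worth generating it from variables and checking it before handing it to slaptest. The following script is an added example, not code from the original page: `render_proxy_conf` writes the same directives the page uses with the values filled in and owner-only permissions, and `check_proxy_conf` verifies the permissions, that the placeholder password was replaced, that `idassert-bind` uses `mode=self`, that `bind_anon` is not enabled and that `chase-referrals no` is still present. The host `dc01.corp.example`, the DNs and the output paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): render the proxy slapd.conf from
# variables, then sanity-check it before running slaptest and starting slapd.
# All hostnames, DNs and paths below are constructed placeholders.

# render_proxy_conf OUT SUFFIX DC_URI BIND_DN PASSWORD
# Writes the page's directives with the values filled in. The file is created
# under umask 077 and chmod'ed to 0600 because it holds the bind password.
render_proxy_conf() {
    out=$1 suffix=$2 dc_uri=$3 binddn=$4 password=$5
    ( umask 077
      cat >"$out" <<EOF
moduleload back_ldap
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sizelimit unlimited
idletimeout 3600
writetimeout 600
database ldap
suffix "$suffix"
uri "$dc_uri"
chase-referrals no
idassert-bind bindmethod=simple mode=self binddn="$binddn" credentials="$password"
logfile /var/log/slapd.log
loglevel 1
EOF
    )
    chmod 0600 "$out"
}

# check_proxy_conf FILE
# Returns 0 when every check passes; otherwise prints the first failure and returns 1.
check_proxy_conf() {
    f=$1
    # 1. Owner-only permissions: the bind password is stored in clear text.
    case "$(ls -ld "$f" | cut -c5-10)" in
        "------") ;;
        *) echo "FAIL: $f is readable or writable by group/other"; return 1 ;;
    esac
    # 2. The placeholder password from the how-to must have been replaced.
    if grep -Eq 'credentials="(password)?"' "$f"; then
        echo "FAIL: credentials still set to the placeholder"; return 1
    fi
    # 3. Each client's own bind must be passed through (mode=self), not a shared identity.
    grep -Eq '^idassert-bind .*mode=self' "$f" || { echo "FAIL: idassert-bind mode=self missing"; return 1; }
    # 4. Anonymous binds must not be explicitly enabled anywhere in the file.
    if grep -Eq '^allow .*bind_anon' "$f"; then
        echo "FAIL: bind_anon is allowed"; return 1
    fi
    # 5. The proxy itself must not follow referrals returned by AD.
    grep -Eq '^chase-referrals +no' "$f" || { echo "FAIL: chase-referrals no missing"; return 1; }
    echo "OK: $f"
}
```

Usage: source the script, call `render_proxy_conf /etc/openldap/slapd.conf "dc=your,dc=tld" "ldap://domaincontroller" "cn=binduser,ou=Users,DC=your,DC=tld" "$REAL_PASSWORD"`, then run `check_proxy_conf /etc/openldap/slapd.conf && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/`. The checks are plain greps over the directives on the page, so a config that has been converted into slapd.d needs to be checked before conversion.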
LDAPS
Edit /etc/sysconfig/slapd so that slapd listens for LDAPS (ldaps:///) instead of plain LDAP (ldap:///)[1]. The sed below rewrites SLAPD_URLS accordingly; slapd will only bring the ldaps listener up once its configuration also carries the TLS certificate directives (TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile), which this page does not cover (see the TLS links under Notes). Also remember that the firewall rule added above opens the ldap service, not ldaps.

```
sed -i 's/SLAPD_URLS=\"ldapi:\/\/\/\ ldap:\/\/\/\"/SLAPD_URLS=\"ldapi:\/\/\/\ ldaps:\/\/\/\"/' /etc/sysconfig/slapd
```
Notes
- Interesting YouTube video that covers everything except enabling TLS[2]
- OpenLDAP as a proxy to Active Directory, as described by Samba[3]
- A guide by owncloud.org[4]
- Possible howto on enabling TLS[5]
- Here is someone that has already gone through the work for me. Will be working off of this how-to.[6]