OpenLDAP

I have AD: example.com

OpenLDAP: unix.example.com

Am I able to integrate OpenLDAP with AD to get user information from AD and authorize an application connected to the Unix OpenLDAP server?

linuxperson asked:
Zephyr ICT (Cloud Architect) commented:
Hi, it is possible to let OpenLDAP connect with your Windows AD; you can use passthrough authentication as well ... Not sure if that is what you are looking for?

The implementation is not difficult but requires some work: you'll need to set up a trust between the two domains, and you'll be using certificates for this.

Some good sources: here and here.

linuxperson (author) commented:
Thanks.

For some applications it requires SSL/TLS.

I am getting the following error:

slapd[21444]: daemon: TLS not supported (ldaps://x.x.x.x)

Here is my slapd.conf:

include         /openldap/openldap-install/etc/openldap/schema/core.schema
include         /openldap/openldap-install/etc/openldap/schema/collective.schema
include         /openldap/openldap-install/etc/openldap/schema/corba.schema
include         /openldap/openldap-install/etc/openldap/schema/cosine.schema
include         /openldap/openldap-install/etc/openldap/schema/duaconf.schema
include         /openldap/openldap-install/etc/openldap/schema/dyngroup.schema
include         /openldap/openldap-install/etc/openldap/schema/inetorgperson.schema
include         /openldap/openldap-install/etc/openldap/schema/java.schema
include         /openldap/openldap-install/etc/openldap/schema/misc.schema
include         /openldap/openldap-install/etc/openldap/schema/nis.schema
include         /openldap/openldap-install/etc/openldap/schema/openldap.schema
include         /openldap/openldap-install/etc/openldap/schema/pmi.schema
include         /openldap/openldap-install/etc/openldap/schema/ppolicy.schema

pidfile         /openldap/openldap-install/var/run/slapd.pid
argsfile        /openldap/openldap-install/var/run/slapd.args

database        bdb
suffix          "dc=unix,dc=example,dc=com"
rootdn          "cn=Manager,dc=unix,dc=example,dc=com"
rootpw          secret
directory       /openldap/openldap-install/var/openldap-data
index   objectClass     eq

TLSCACertificateFile /tls-certs/CA.crt
TLSCertificateFile /tls-certs/server.crt
TLSCertificateKeyFile /tls-certs/server.key
TLSCipherSuite HIGH:MEDIUM:+SSLv2
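As an added example (my own code, not OpenLDAP's and not something posted in this thread), here is a small static check that reads a slapd.conf the way the one above is written and reports what a reviewer would want to know before chasing the daemon error: whether the three TLS file directives are present, whether the TLSCipherSuite string re-enables obsolete protocols or cipher classes (the posted `+SSLv2` does), and whether rootpw is stored in cleartext. The posted config has all three TLS directives, so the "TLS not supported" message is not a missing-directive problem; it is consistent with a slapd binary built without TLS support, which is where the configure error later in this thread ("Could not locate TLS/SSL package") points. The function names, the excerpt of the posted config, and the hardened variant with its placeholder rootpw hash are all mine; `TLSProtocolMin` is a real slapd.conf directive.

```python
"""Static checks for the TLS-related directives of an OpenLDAP slapd.conf.

Added example for this thread; it is not OpenLDAP code. It only reads the
configuration text and never contacts slapd.
"""
import re
from typing import Dict, List

# The three directives slapd needs before it can serve ldaps:// at all.
REQUIRED_TLS_DIRECTIVES = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")

# OpenSSL cipher-string keywords that re-enable obsolete protocols or cipher
# classes. A bare or "+"-prefixed occurrence enables them; "!" or "-" removes them.
WEAK_CIPHER_TOKENS = {"SSLv2", "SSLv3", "LOW", "EXPORT", "EXP", "NULL",
                      "aNULL", "eNULL", "RC4", "DES", "MD5"}


def parse_slapd_conf(text: str) -> Dict[str, List[str]]:
    """Map each directive (lower-cased; slapd.conf directives are case-insensitive)
    to the list of values it was given. Blank lines and '#' comments are skipped;
    a line starting with whitespace continues the previous logical line."""
    logical: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    directives: Dict[str, List[str]] = {}
    for line in logical:
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def weak_cipher_tokens(cipher_suite: str) -> List[str]:
    """Return the tokens of an OpenSSL cipher string that enable something in
    WEAK_CIPHER_TOKENS. Tokens prefixed with '!' or '-' disable, so they are ignored."""
    found: List[str] = []
    for tok in re.split(r"[:, ]+", cipher_suite.strip()):
        if not tok or tok[0] in "!-":
            continue
        if tok.lstrip("+") in WEAK_CIPHER_TOKENS:
            found.append(tok)
    return found


def check_slapd_tls(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the TLS directives are
    complete and no weak setting was spotted."""
    conf = parse_slapd_conf(text)
    findings: List[str] = []
    for name in REQUIRED_TLS_DIRECTIVES:
        if name.lower() not in conf:
            findings.append(f"missing {name}")
    for suite in conf.get("tlsciphersuite", []):
        for tok in weak_cipher_tokens(suite):
            findings.append(f"TLSCipherSuite enables weak token {tok}")
    for pw in conf.get("rootpw", []):
        if not pw.startswith("{"):  # hashed values look like {SSHA}...
            findings.append("rootpw is stored in cleartext; use slappasswd to produce a {SSHA} hash")
    return findings


# Excerpt of the slapd.conf posted in this thread (schema includes omitted).
POSTED_SLAPD_CONF = """\
pidfile         /openldap/openldap-install/var/run/slapd.pid
argsfile        /openldap/openldap-install/var/run/slapd.args

database        bdb
suffix          "dc=unix,dc=example,dc=com"
rootdn          "cn=Manager,dc=unix,dc=example,dc=com"
rootpw          secret
directory       /openldap/openldap-install/var/openldap-data
index   objectClass     eq

TLSCACertificateFile /tls-certs/CA.crt
TLSCertificateFile /tls-certs/server.crt
TLSCertificateKeyFile /tls-certs/server.key
TLSCipherSuite HIGH:MEDIUM:+SSLv2
"""

# Constructed hardened variant; the rootpw value is a placeholder, not a real hash.
HARDENED_SLAPD_CONF = """\
rootpw          {SSHA}PLACEHOLDER-output-of-slappasswd
TLSCACertificateFile /tls-certs/CA.crt
TLSCertificateFile /tls-certs/server.crt
TLSCertificateKeyFile /tls-certs/server.key
TLSCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4
# Refuse anything below TLS 1.2 (3.3 in slapd's major.minor notation).
TLSProtocolMin 3.3
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_SLAPD_CONF), ("hardened", HARDENED_SLAPD_CONF)):
        print(label, check_slapd_tls(conf) or ["no findings"])
```

Run it against the posted excerpt and it reports the `+SSLv2` token and the cleartext rootpw, and nothing for the hardened variant. Because all three TLS file directives are present in the posted config, an empty "missing" list is exactly what tells you to look at how slapd was built rather than at the file.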

Zephyr ICT (Cloud Architect) commented:
What command did you use to start slapd?

Did you use something like:
 /usr/local/libexec/slapd -s 256 -h "ldaps:///"

linuxperson (author) commented:
Still the same issue.

Zephyr ICT (Cloud Architect) commented:
Hmmm, did you add "TLS_CACERT" to the ldap.conf file?

You should be able to test your certificates by doing the following:

openssl s_client -connect localhost:636 -showcerts

linuxperson (author) commented:
Where is ldap.conf located?

I am using OpenLDAP and I modified only the slapd.conf file.

Zephyr ICT (Cloud Architect) commented:
You might find it here: /usr/local/etc/openldap/ldap.conf

But it's more used for client authentication; you can ignore that one for now, barking up the wrong tree ...

What else ... Did that openssl test work?

Difficult to troubleshoot something like this; maybe this will help you pinpoint something.
linuxperson (author) commented:
Actually, I downloaded the source code and am installing it.

linuxperson (author) commented:
env CPPFLAGS="-I/openldap/db4/include" LDFLAGS="-L/openldap/db4/lib" ./configure --with-tls=openssl --prefix=/openldap/openldap-install

When I tried to enable SSL while building from source, I got:

checking for openssl/ssl.h... no
configure: error: Could not locate TLS/SSL package

Zephyr ICT (Cloud Architect) commented:
Hi,

Sorry, it was bedtime last night for me :)

Ok, so OpenLDAP has been installed? If yes, maybe this command can help solve the SSL issue:

env CC=gcc CPPFLAGS="-I/dir/ssl/include" LDFLAGS="-L/dir/ssl/lib" ./configure --with-ssl=/dir/ssl -with-tls
