
openLDAP

I have AD example.com

openLDAP unix.example.com

Can I integrate OpenLDAP with AD to get user information from AD and authorize it for applications connected to the Unix OpenLDAP server?

Cloud Architect
Commented:
Hi, it is possible to let OpenLDAP connect to your Windows AD; you can use passthrough authentication as well ... Not sure if that is what you are looking for?

The implementation is not difficult but requires some work: you'll need to set up a trust between the two domains, and you'll be using certificates for this.

Some good sources: here and here

Author

Commented:
Thanks.

Some applications require SSL/TLS.

I am getting the following error:

slapd[21444]: daemon: TLS not supported (ldaps://x.x.x.x)

Here is my slapd.conf:

include         /openldap/openldap-install/etc/openldap/schema/core.schema
include         /openldap/openldap-install/etc/openldap/schema/collective.schema
include         /openldap/openldap-install/etc/openldap/schema/corba.schema
include         /openldap/openldap-install/etc/openldap/schema/cosine.schema
include         /openldap/openldap-install/etc/openldap/schema/duaconf.schema
include         /openldap/openldap-install/etc/openldap/schema/dyngroup.schema
include         /openldap/openldap-install/etc/openldap/schema/inetorgperson.schema
include         /openldap/openldap-install/etc/openldap/schema/java.schema
include         /openldap/openldap-install/etc/openldap/schema/misc.schema
include         /openldap/openldap-install/etc/openldap/schema/nis.schema
include         /openldap/openldap-install/etc/openldap/schema/openldap.schema
include         /openldap/openldap-install/etc/openldap/schema/pmi.schema
include         /openldap/openldap-install/etc/openldap/schema/ppolicy.schema

pidfile         /openldap/openldap-install/var/run/slapd.pid
argsfile        /openldap/openldap-install/var/run/slapd.args

database        bdb
suffix          "dc=unix,dc=example,dc=com"
rootdn          "cn=Manager,dc=unix,dc=example,dc=com"
rootpw          secret
directory       /openldap/openldap-install/var/openldap-data
index   objectClass     eq


TLSCACertificateFile /tls-certs/CA.crt
TLSCertificateFile /tls-certs/server.crt
TLSCertificateKeyFile /tls-certs/server.key
TLSCipherSuite HIGH:MEDIUM:+SSLv2
Zephyr ICT, Cloud Architect

Commented:
What command did you use to start slapd?

Did you use something like:
 /usr/local/libexec/slapd -s 256 -h "ldaps:///"


Author

Commented:
Still the same issue.
Zephyr ICT, Cloud Architect

Commented:
Hmmm, did you add "TLS_CACERT" to the ldap.conf file?

You should be able to test your certificates by doing following:

openssl s_client -connect localhost:636 -showcerts


Author

Commented:
Where is ldap.conf located?

I am using OpenLDAP and I modified only the slapd.conf file.
Zephyr ICT, Cloud Architect

Commented:
You might find it here: /usr/local/etc/openldap/ldap.conf

But it's used more for client authentication, so you can ignore that one for now; barking up the wrong tree ...

What else ... Did that openssl test work?

Difficult to troubleshoot something like this, maybe this will help you pinpoint something.

Author

Commented:
Actually, I downloaded the source code and am installing it.

Author

Commented:
env CPPFLAGS="-I/openldap/db4/include" LDFLAGS="-L/openldap/db4/lib" ./configure --with-tls=openssl --prefix=/openldap/openldap-install

When I tried to enable SSL while building the source code, I got:

checking for openssl/ssl.h... no
configure: error: Could not locate TLS/SSL package
Zephyr ICT, Cloud Architect

Commented:
Hi,

Sorry, was bedtime last night for me :)

OK, so OpenLDAP has been installed? If yes, maybe this command can help solve the SSL issue:

env CC=gcc CPPFLAGS="-I/dir/ssl/include" LDFLAGS="-L/dir/ssl/lib" ./configure --with-ssl=/dir/ssl --with-tls
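The thread raises two separate TLS problems: a slapd built without TLS support (the "daemon: TLS not supported" error, explained by the configure run that could not find openssl/ssl.h) and a posted TLSCipherSuite that still admits SSLv2. The following added Python script checks both offline; it is not from the thread or from OpenLDAP, the sample slapd.conf excerpt and ldd output are constructed, and the TLS library-name pattern and weak-keyword list are my assumptions about a typical OpenSSL build.

```python
import os
import re

# Constructed excerpt of the poster's slapd.conf; the paths are illustrative only.
SAMPLE_SLAPD_CONF = """\
rootpw          secret
TLSCACertificateFile /tls-certs/CA.crt
TLSCertificateFile /tls-certs/server.crt
TLSCertificateKeyFile /tls-certs/server.key
TLSCipherSuite HIGH:MEDIUM:+SSLv2
"""

# Constructed `ldd slapd` output for a build whose configure never found openssl/ssl.h.
SAMPLE_LDD_NO_TLS = """\
        libdb-4.8.so => /openldap/db4/lib/libdb-4.8.so (0x00007f0f4b200000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f0f4ae00000)
"""

# OpenSSL cipher-string keywords that should never be enabled on an ldaps listener (assumed list).
WEAK_TOKENS = {"SSLv2", "SSLv3", "LOW", "EXPORT", "NULL", "eNULL", "aNULL", "RC4", "MD5", "DES"}
REQUIRED_TLS = ("tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile")

def parse_slapd_conf(text):
    """Map lower-cased directive -> value for 'directive value' lines; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf

def slapd_linked_with_tls(ldd_output):
    """True when `ldd slapd` shows a TLS library; False matches the thread's 'TLS not supported' symptom."""
    return re.search(r"\blib(ssl|gnutls|nss3)\.so", ldd_output) is not None

def audit_tls_config(conf_text, file_exists=os.path.exists):
    """Return findings for the TLS-related directives; an empty list means they look sane."""
    conf, findings = parse_slapd_conf(conf_text), []
    for directive in REQUIRED_TLS:
        path = conf.get(directive)
        if path is None:
            findings.append(f"{directive} is missing")
        elif not file_exists(path):
            findings.append(f"{directive} points to a missing file: {path}")
    tokens = re.split(r"[:,]", conf.get("tlsciphersuite", ""))
    # A leading '!' removes a keyword, so only '+'/'-' prefixed or bare weak keywords count.
    weak = [t for t in tokens if t and not t.startswith("!") and t.lstrip("+-") in WEAK_TOKENS]
    if weak:
        findings.append("TLSCipherSuite enables weak elements: " + ", ".join(weak))
    return findings
```

On a real host, feed the output of `ldd $(command -v slapd)` to slapd_linked_with_tls(); once the daemon links libssl, the `openssl s_client -connect localhost:636 -showcerts` check from the thread confirms the listener.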