Solved

OpenLDAP Proxy to Active Directy

Posted on 2016-08-17
6
562 Views
Last Modified: 2016-08-25
I am trying to create an OpenLDAP proxy in our DMZ to allow authentication from a Webserver to our ActiveDirectory through OpenLDAP Proxy.

I have spun up a couple servers, one Ubuntu 16.04 with the Latest OpenLDAP installed, and also a CentOS7 with the latest OpenLDAP installed.  (I don't need two servers, I only spun up the CentOS because the article I was following was performed on a redhat os, so it made it easier to follow step by step)

I have been following these two guides to make this work:

However I've run into some trouble along the way, it seems neither of these guide work for me, the paths are never the same as what I have, or I get errors starting the slapd ldap service.

-- Unit slapd.service has begun starting up.
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session closed for user ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Checking configuration file failed:
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Unrecognized database type (ldap)
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: 57b4684d /etc/openldap/slapd.conf: line 17: <database> failed init (ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: slaptest: bad configuration file!
Aug 17 09:36:25 D-APP02 slapd[38758]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $
                                              mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/op
Aug 17 09:36:37 D-APP02 slapd[38758]: /etc/openldap/slapd.conf: line 17: <database> failed init (ldap)
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd destroy: freeing system resources.
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd stopped.
Aug 17 09:36:37 D-APP02 slapd[38758]: connections_destroy: nothing to destroy.
Aug 17 09:36:37 D-APP02 slapd[38758]: Unrecognized database type (ldap)
Aug 17 09:36:37 D-APP02 polkitd[10164]: Unregistered Authentication Agent for unix-process:38729:7626184 (system bus nam
Aug 17 09:36:37 D-APP02 systemd[1]: slapd.service: control process exited, code=exited status=1
Aug 17 09:36:37 D-APP02 systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed

Open in new window


I'm very new to all this, I have limited Linux knowledge, so when I get into a jam I'm not sure how to troubleshoot it.

Thanks for your time, hopefully someone can help me with this.

Steve
0
Comment
Question by:Lambton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 41761370
Can you post your sladp.conf file?

slapd does not like whatever is on line 17.
0
 

Author Comment

by:Lambton
ID: 41761458
Here you go...

# Import our schema
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema

# Support both LDAPv2 and LDAPv3
allow           bind_v2

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

loglevel        1

# Our primary back end
database        bdb
suffix          "dc=county-lambton,dc=on,dc=ca"
rootdn          "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw          "mypassword"
directory       /var/lib/ldap
# Indexes for this back end
index           objectClass                     eq,pres
index           ou,cn,mail,surname,givenname    eq,pres,sub
index           uid                             eq,pres,sub

Open in new window


Thanks!
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41761478
Are you sure that is the slapd.conf file that was being used when you tried to start slapd?

That configuration file is setup for use on a "real" ldap server, not a proxy.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 

Author Comment

by:Lambton
ID: 41761545
Oh crap, sorry - I've got three of these going trying to make this work - I've re installed and reconfigured these things a dozen times trying to get it to work...  it's likely on a different server, sorry...

it was this I think:


# Import our schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# Support both LDAPv2 and LDAPv3
allow           bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

loglevel        1

# Our slapd-ldap back end to connect to AD

database        ldap
suffix          "dc=county-lambton,dc=on,dc=ca"
subordinate
rebind-as-user
uri             "ldap://coldc1.county-lambton.on.ca"
chase-referrals yes

# Our primary back end

database        bdb
suffix          "dc=county-lambton,dc=on,dc=ca"
rootdn          "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw          "mypassword"
directory       /var/lib/ldap
# Indexes for this back end
index           objectClass                     eq,pres
index           ou,cn,mail,surname,givenname    eq,pres,sub
index           uid                             eq,pres,sub

Open in new window

0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 41761891
The error: "Unrecognized database type (ldap)" means that you did not load the back_ldap module.

You need to find where that module is and add the following to your slapd.conf:

        modulepath  ../servers/slapd/back-monitor/
        moduleload  back_monitor.la


The modulepath statments needs to be changed to reflect there your module is.
0
 

Author Closing Comment

by:Lambton
ID: 41770284
That was it - thanks very much!
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
comm diff cmp unix commands 2 16
user Log on times in AD 5 39
Making an existing Domain a Child of another Domain 4 32
Demoting 2008 DC 1 18
This article runs through the process of deploying a single EXE application selectively to a group of user.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question