asked on
OpenLDAP Proxy to Active Directy
I am trying to create an OpenLDAP proxy in our DMZ to allow authentication from a Webserver to our ActiveDirectory through OpenLDAP Proxy.
I have spun up a couple servers, one Ubuntu 16.04 with the Latest OpenLDAP installed, and also a CentOS7 with the latest OpenLDAP installed. (I don't need two servers, I only spun up the CentOS because the article I was following was performed on a redhat os, so it made it easier to follow step by step)
I have been following these two guides to make this work:
However I've run into some trouble along the way, it seems neither of these guide work for me, the paths are never the same as what I have, or I get errors starting the slapd ldap service.
I'm very new to all this, I have limited Linux knowledge, so when I get into a jam I'm not sure how to troubleshoot it.
Thanks for your time, hopefully someone can help me with this.
Steve
I have spun up a couple servers, one Ubuntu 16.04 with the Latest OpenLDAP installed, and also a CentOS7 with the latest OpenLDAP installed. (I don't need two servers, I only spun up the CentOS because the article I was following was performed on a redhat os, so it made it easier to follow step by step)
I have been following these two guides to make this work:
- http://windowsitpro.com/networking/integrate-active-directory-and-openldap
- https://www.youtube.com/watch?v=bp8ffdY7Mu4
However I've run into some trouble along the way, it seems neither of these guide work for me, the paths are never the same as what I have, or I get errors starting the slapd ldap service.
-- Unit slapd.service has begun starting up.
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session closed for user ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Checking configuration file failed:
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Unrecognized database type (ldap)
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: 57b4684d /etc/openldap/slapd.conf: line 17: <database> failed init (ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: slaptest: bad configuration file!
Aug 17 09:36:25 D-APP02 slapd[38758]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $
mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/op
Aug 17 09:36:37 D-APP02 slapd[38758]: /etc/openldap/slapd.conf: line 17: <database> failed init (ldap)
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd destroy: freeing system resources.
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd stopped.
Aug 17 09:36:37 D-APP02 slapd[38758]: connections_destroy: nothing to destroy.
Aug 17 09:36:37 D-APP02 slapd[38758]: Unrecognized database type (ldap)
Aug 17 09:36:37 D-APP02 polkitd[10164]: Unregistered Authentication Agent for unix-process:38729:7626184 (system bus nam
Aug 17 09:36:37 D-APP02 systemd[1]: slapd.service: control process exited, code=exited status=1
Aug 17 09:36:37 D-APP02 systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
I'm very new to all this, I have limited Linux knowledge, so when I get into a jam I'm not sure how to troubleshoot it.
Thanks for your time, hopefully someone can help me with this.
Steve
LinuxActive DirectoryUnix OS
Last Comment
Lambton
ASKER
Here you go...
Thanks!
# Import our schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
# Support both LDAPv2 and LDAPv3
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 1
# Our primary back end
database bdb
suffix "dc=county-lambton,dc=on,dc=ca"
rootdn "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw "mypassword"
directory /var/lib/ldap
# Indexes for this back end
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uid eq,pres,sub
Thanks!
Are you sure that is the slapd.conf file that was being used when you tried to start slapd?
That configuration file is setup for use on a "real" ldap server, not a proxy.
That configuration file is setup for use on a "real" ldap server, not a proxy.
ASKER
Oh crap, sorry - I've got three of these going trying to make this work - I've re installed and reconfigured these things a dozen times trying to get it to work... it's likely on a different server, sorry...
it was this I think:
it was this I think:
# Import our schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Support both LDAPv2 and LDAPv3
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 1
# Our slapd-ldap back end to connect to AD
database ldap
suffix "dc=county-lambton,dc=on,dc=ca"
subordinate
rebind-as-user
uri "ldap://coldc1.county-lambton.on.ca"
chase-referrals yes
# Our primary back end
database bdb
suffix "dc=county-lambton,dc=on,dc=ca"
rootdn "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw "mypassword"
directory /var/lib/ldap
# Indexes for this back end
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uid eq,pres,sub
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
That was it - thanks very much!
slapd does not like whatever is on line 17.