Solved

OpenLDAP Proxy to Active Directy

Posted on 2016-08-17
6
148 Views
Last Modified: 2016-08-25
I am trying to create an OpenLDAP proxy in our DMZ to allow authentication from a Webserver to our ActiveDirectory through OpenLDAP Proxy.

I have spun up a couple servers, one Ubuntu 16.04 with the Latest OpenLDAP installed, and also a CentOS7 with the latest OpenLDAP installed.  (I don't need two servers, I only spun up the CentOS because the article I was following was performed on a redhat os, so it made it easier to follow step by step)

I have been following these two guides to make this work:

However I've run into some trouble along the way, it seems neither of these guide work for me, the paths are never the same as what I have, or I get errors starting the slapd ldap service.

-- Unit slapd.service has begun starting up.
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Aug 17 09:36:13 D-APP02 runuser[38747]: pam_unix(runuser:session): session closed for user ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Checking configuration file failed:
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: Unrecognized database type (ldap)
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: 57b4684d /etc/openldap/slapd.conf: line 17: <database> failed init (ldap
Aug 17 09:36:13 D-APP02 check-config.sh[38744]: slaptest: bad configuration file!
Aug 17 09:36:25 D-APP02 slapd[38758]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $
                                              mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/op
Aug 17 09:36:37 D-APP02 slapd[38758]: /etc/openldap/slapd.conf: line 17: <database> failed init (ldap)
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd destroy: freeing system resources.
Aug 17 09:36:37 D-APP02 slapd[38758]: slapd stopped.
Aug 17 09:36:37 D-APP02 slapd[38758]: connections_destroy: nothing to destroy.
Aug 17 09:36:37 D-APP02 slapd[38758]: Unrecognized database type (ldap)
Aug 17 09:36:37 D-APP02 polkitd[10164]: Unregistered Authentication Agent for unix-process:38729:7626184 (system bus nam
Aug 17 09:36:37 D-APP02 systemd[1]: slapd.service: control process exited, code=exited status=1
Aug 17 09:36:37 D-APP02 systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed

Open in new window


I'm very new to all this, I have limited Linux knowledge, so when I get into a jam I'm not sure how to troubleshoot it.

Thanks for your time, hopefully someone can help me with this.

Steve
0
Comment
Question by:Lambton
  • 3
  • 3
6 Comments
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Can you post your sladp.conf file?

slapd does not like whatever is on line 17.
0
 

Author Comment

by:Lambton
Comment Utility
Here you go...

# Import our schema
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema

# Support both LDAPv2 and LDAPv3
allow           bind_v2

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

loglevel        1

# Our primary back end
database        bdb
suffix          "dc=county-lambton,dc=on,dc=ca"
rootdn          "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw          "mypassword"
directory       /var/lib/ldap
# Indexes for this back end
index           objectClass                     eq,pres
index           ou,cn,mail,surname,givenname    eq,pres,sub
index           uid                             eq,pres,sub

Open in new window


Thanks!
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Are you sure that is the slapd.conf file that was being used when you tried to start slapd?

That configuration file is setup for use on a "real" ldap server, not a proxy.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Lambton
Comment Utility
Oh crap, sorry - I've got three of these going trying to make this work - I've re installed and reconfigured these things a dozen times trying to get it to work...  it's likely on a different server, sorry...

it was this I think:


# Import our schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# Support both LDAPv2 and LDAPv3
allow           bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

loglevel        1

# Our slapd-ldap back end to connect to AD

database        ldap
suffix          "dc=county-lambton,dc=on,dc=ca"
subordinate
rebind-as-user
uri             "ldap://coldc1.county-lambton.on.ca"
chase-referrals yes

# Our primary back end

database        bdb
suffix          "dc=county-lambton,dc=on,dc=ca"
rootdn          "cn=coladmin,dc=county-lambton,dc=on,dc=ca"
rootpw          "mypassword"
directory       /var/lib/ldap
# Indexes for this back end
index           objectClass                     eq,pres
index           ou,cn,mail,surname,givenname    eq,pres,sub
index           uid                             eq,pres,sub

Open in new window

0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
Comment Utility
The error: "Unrecognized database type (ldap)" means that you did not load the back_ldap module.

You need to find where that module is and add the following to your slapd.conf:

        modulepath  ../servers/slapd/back-monitor/
        moduleload  back_monitor.la


The modulepath statments needs to be changed to reflect there your module is.
0
 

Author Closing Comment

by:Lambton
Comment Utility
That was it - thanks very much!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now