Jasaida

asked on

openldap

OpenLDAP on Ubuntu Server 16.04
I am trying to install and configure OpenLDAP on Ubuntu.
I installed slapd and ldap-utils and tried to start the slapd service.
I get this error:

slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 19s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11693 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)

ubuntu systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
ubuntu slapd[11693]:  * Starting OpenLDAP slapd
ubuntu slapd[11700]: @(#) $OpenLDAP: slapd  (Ubuntu) (May 30 2017 19:20:53) $
                                             buildd@lgw01-18:/build/openldap-JXEADB/openldap-2.4.42+dfsg/debian/build/servers/slapd
ubuntu slapd[11700]: daemon: bind(9) failed errno=98 (Address already in use)
ubuntu slapd[11693]:    ...fail!
ubuntu systemd[1]: slapd.service: Control process exited, code=exited status=1
ubuntu systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
ubuntu systemd[1]: slapd.service: Unit entered failed state.
ubuntu systemd[1]: slapd.service: Failed with result 'exit-code'.
noci

daemon: bind(9) failed errno=98 (Address already in use)

Looks like there already is an LDAP service running.... or there is some misconfiguration.
Check ports 389 (LDAP) & 636 (LDAPS).

It might be worthwhile to check the slapd.conf file for what it is configured to listen on.
With
netstat -antp | grep 389
netstat -antp | grep 636
you can find out what process is using those ports.
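The port check noci describes, written up as an added example (not from this thread): it reads the same `netstat -antp` output but matches the local port exactly, so looking for 389 does not also hit 3389 or a client connection whose remote side is 389. The sample output is constructed, not captured from the asker's server.

```shell
#!/bin/sh
# Added example: which process holds an LDAP port, from `netstat -antp` output.

# Constructed sample of `netstat -antp` output (not from the asker's host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2345/samba
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      2345/samba
tcp        0      0 127.0.0.1:3389          0.0.0.0:*               LISTEN      9999/xrdp
tcp        0      0 10.0.0.5:51234          10.0.0.5:389            ESTABLISHED 1234/nslcd
tcp6       0      0 :::1389                 :::*                    LISTEN      11700/slapd'

# port_owner PORT [NETSTAT_OUTPUT]
# Prints the "PID/Program" of the LISTEN socket bound to PORT, or "free".
# Without a second argument it runs netstat itself (root is needed for -p).
port_owner() {
    port=$1
    if [ $# -ge 2 ]; then out=$2; else out=$(netstat -antp 2>/dev/null); fi
    owner=$(printf '%s\n' "$out" | awk -v p="$port" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # local port is the text after the last ":"
            if (a[n] == p) { print $7; exit }
        }')
    if [ -n "$owner" ]; then echo "$owner"; else echo "free"; fi
}

# check_ldap_ports [NETSTAT_OUTPUT]: report the two ports named in the thread.
check_ldap_ports() {
    for p in 389 636; do
        echo "port $p: $(port_owner "$p" "$@")"
    done
}

check_ldap_ports "$SAMPLE_NETSTAT"
```

On the sample, both 389 and 636 are reported as held by samba, which is exactly the situation that produces slapd's "bind(9) failed errno=98 (Address already in use)".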

ASKER

I do not have a configuration in slapd.conf.
But port 389 is used by nslcd (for LDAP) and 636 by Samba (Samba 4 Active Directory).
If you already have an LDAP service, why install slapd (OpenLDAP server)?
AD = Kerberos + LDAP (incompletely used).
You either want AD or LDAP (without AD).

ASKER

LDAP was not working, therefore I installed OpenLDAP. It may be wrong, but how do I clean up, and how do I get LDAP working in AD?
Q1: Do you need passwords in LDAP or not.... (AD cannot store passwords...., those are in Kerberos, and not all equipment is capable of handling Kerberos for authentication, e.g.)?
If yes then forget AD (e.g. if you need other systems without Kerberos, use LDAP).
First determine if you need AD.... or LDAP.

Then either choose one; there are a lot of cookbooks on the Samba site on how to integrate with AD, with a preexisting setup, or set up Samba as AD as well.

Clean-up:
apt-get remove openldap
possibly followed by
apt-get autoremove
to remove now unused dependencies.

ASKER

I don't need passwords in LDAP. I have my AD in Samba 4.1.
Do you mean I can't have Samba as Active Directory and LDAP?
You can use Samba for AD...., not full LDAP.
So Q2: Why do you need LDAP? If the use of LDAP ALSO requires password lookups (think websites...) then
AD/LDAP is hardly useful, unless the web application ALSO does Kerberos logons.
YMMV depending on application requirements.

ASKER

I need LDAP for some RADIUS server.
You will need to check if the intended RADIUS server can be used with AD and how to configure that.

This might help: https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

Oh, btw, don't literally follow the building from source mentioned there.
If it says install openssl, that should already be on your system; installing FreeRADIUS can probably be done using
apt-get install free-radius.

ASKER

OK. Thanks. What about LDAP? I need LDAP to connect to the RADIUS server. I can maybe install a RADIUS server and create users on it, but it is not integrated
with LDAP and AD; then if a user changes their password, it does not work.
Please check the article I mentioned; it includes the steps on how to configure Samba etc. to work together with FreeRADIUS.
Any RADIUS server should be able to also work for another RADIUS server (as a RADIUS proxy / daisy-chaining them); at least FreeRADIUS can.
So if you can integrate FreeRADIUS onto your Samba AD, then it should also be possible to point any RADIUS server there.

ASKER

I am just confused. Do you mean I do not need LDAP?
Ports are reserved for a purpose..., a function, and not exactly free to choose in most circumstances.
In yours you already have something running on port 389 (=LDAP) and 636 (=LDAPS); you told me that you have Samba as AD....
So you already HAVE LDAP (well, a crippled one, as AD implements a subset of LDAP); to complement it, AD uses Kerberos.
You appear to have a crippled LDAP + Kerberos, in the trade known as Active Directory.

For RADIUS access you need something that can handle (crippled LDAP + Kerberos) aka AD. FreeRADIUS can (it has some NTLM module that can authenticate using Kerberos and query LDAP for the remainder of the data).
You will not need OpenLDAP UNLESS you want to do a separate install (different server etc.) and use that for RADIUS.
Then again, that would be a lot of work for not integrating with your AD; then you could do without LDAP anyway and use a pure RADIUS config.
What is still unclear/confusing?

ASKER

Yes.
I do not need a RADIUS server on my network. I need an LDAP; then some remote RADIUS server should search in LDAP.
I can't use some crippled LDAP. Therefore I try to install OpenLDAP to run on another port, e.g. 1389 instead of 389.
I am completely lost and confused now. HELP
openldap:
/etc/openldap/slapd.conf is the server config

man slapd.conf explains this in detail (e.g. for the TLS certificates...).
Starting the server can be found in man slapd.
Starting slapd with the -h option might help here:
-h ldaps://ldapname.local:1389/    # for the interface with address ldapname.local
or
-h ldaps://:1389/                  # for all interfaces.

should work for that...

ASKER

Yes, I did.
I ran slapd -h ldap://server:1389/
It's running. But I can't connect to it via phpLDAPadmin.
My apache2 is running and it's on port 55.
I try http://serverip:55/phpldapadmin and I don't get connected to that LDAP.
ASKER CERTIFIED SOLUTION
noci


ASKER

Thank you very much, it's working now.