Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2015-11-18 09:30:17
Active Directory
Alexander, 2015-11-18 09:30:17

Openldap AD Proxy?

Please help me understand how Openldap works.
I want to set up an Openfire server to serve two domains. I read about Openldap, they say this is what you need. But there's no way to set it up.
There is Ubuntu Server 14.04.3 LTS, on it Openfire 3.10.0 and installed slapd, ldap-utils. Two corporate networks are connected via VPN.
I would like users of two domains to be able to log in to this Openfire server. That is, you need to configure Openldap so that it requests information from domain controllers.
While I'm trying to configure Openldap to see at least one domain.
Now the config looks like this:

cat /etc/ldap/ldap.conf
BASE    cn=users,cn=office,dc=company,dc=ru
URI     ldap://srv1.company.ru

cat /etc/ldap/slapd.conf
include     /etc/ldap/schema/core.schema
include     /etc/ldap/schema/cosine.schema
include     /etc/ldap/schema/inetorgperson.schema
include     /etc/ldap/schema/nis.schema
include     /etc/ldap/schema/samba.schema

modulepath              /var/lib/ldap
moduleload              back_ldap

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

defaultsearchbase "OU=users,OU=office,DC=company,DC=ru"

idletimeout 60

access to * by * read

### Proxy to AD company.ru ####################
database                ldap
suffix                  "OU=users,OU=office,DC=company,DC=ru"
readonly                yes
protocol-version        3
uri                     "ldap://srv1.company.ru"
rebind-as-user
idassert-bind bindmethod=simple
binddn= "CN=openfire,CN=Managed Service Accounts,DC=company,DC=ru"
rootpw {SSHA}ViOcMGF7U8VV+/NV7F4sQwM78
credentials=open
mode=none
idassert-authzFrom “*”

loglevel                0

I restart the server
sudo service slapd restart
 * Stopping OpenLDAP slapd   [ OK ]
 * Starting OpenLDAP slapd    [ OK ]

netstat -al
Активные соединения с интернетом (servers and established)
tcp        0      0 *:ldap                  *:*                     LISTEN
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN

And here I can't understand how the server works. The ldapsearch command does not return any results, although, as I understand it, it should return all accounts in AD.
ldapsearch -h localhost -x
# extended LDIF
#
# LDAPv3
# base <cn=users,cn=office,dc=company,dc=ru> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sergey Galaktionov, 2015-11-18
@Hagmos

BASE dc=company,dc=ru
Try searching from the root

Report
A
Alexander, 2015-11-18
@ck80

Addendum:
It turns out that in the new version of Openldap, all configuration is done with cn=config, and slapd.conf is no longer used. Moreover, when changing cn=config, the changes are applied automatically, without restarting slapd.

Similar questions
I
Ilya Korablev2015-05-25 21:51:23
Application members? 2Reply
R
Raviolo2014-08-07 19:47:08
When auditing AD, how to get XML variables in mail notification? 0Reply
W
WSGlebKavash2022-03-18 21:41:58
DNS bind9 not working with localhost? 0Reply
W
WSGlebKavash2022-03-27 21:10:35
How to connect Windows hosts to Samba DC? 0Reply
N
Nauryzbek Aitbaev2019-02-11 15:26:06
How to run as a user with limited access, but giving administrator rights in the Task Scheduler? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question