
Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/26 16:41:09
by bratan
Hi. I'm new to both CentOS and OpenLDAP.
I just need to configure very basic authentication with existing AD (Windows) for FTP users.
I've installed OpenLDAP client but cannot get it working.
All tutorials and even official CentOS docs talk about editing slapd.conf file. But I don't have this file :(
I think it was deprecated. So where would I add "rootdn" user? /etc/openldap/ldap.conf ?

Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/26 21:07:49
by TrevorH
The slapd.conf file belongs to an openldap server, not a client. You need to look at /etc/openldap/ldap.conf and /etc/pam_ldap.conf and /etc/nslcd.conf (assuming you are running CentOS 6). If you're using SSL or STARTTLS then you will also need a copy of the CA certificate (if the server cert is not signed by a recognised CA) in /etc/openldap/certs. Configure those files first and test it with the ldapsearch command to see if it works.

Re: Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/27 15:16:21
by bratan
Thank you! Now it starts making more sense to me! I'm not using SSL.
I'm still getting an error when performing ldapsearch:
ldapsearch -D "cn=someuser,dc=rr,dc=local" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)


My Windows AD server is prod.rr.local, I added it to hosts file so it can be resolved. AD administrative user is for example "someuser".
This is what I have in /etc/openldap/ldap.conf:
URI ldap://prod.rr.local/
BASE dc=rr,dc=local

in /etc/pam_ldap.conf I have:
base dc=rr,dc=local
rootbinddn cn=someuser,dc=rr,dc=local (Not sure if I needed this line?)

in /etc/nslcd.conf:

uri ldap://prod.rr.local
base dc=rr,dc=local
ssl no
tls_cacertdir /etc/openldap/cacerts

Is this all I need to be able to perform the ldapsearch command?
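
Added example (not part of the thread and not any poster's code): a Python check of the nslcd.conf lines quoted above, reporting for each configured URI whether binds would use LDAPS, StartTLS, or go out unencrypted, as they do with an ldap:// URI and `ssl no`. The function names and the set of `ssl` values treated as "on" are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample: the nslcd.conf lines quoted in the post above.
NSLCD_CONF = """\
uri ldap://prod.rr.local
base dc=rr,dc=local
ssl no
tls_cacertdir /etc/openldap/cacerts
"""

# Assumption: values this example treats as "ssl enabled".
TRUTHY = {"on", "yes", "true", "1"}


def parse_conf(text):
    """Parse 'keyword value' lines into {keyword: [values]}, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def bind_transport(text):
    """Map each configured URI to 'ldaps', 'starttls' or 'cleartext'."""
    conf = parse_conf(text)
    ssl = (conf.get("ssl") or ["no"])[-1].strip().lower()
    result = {}
    for value in conf.get("uri", []):
        for uri in value.split():
            if urlparse(uri).scheme.lower() == "ldaps" or ssl in TRUTHY:
                result[uri] = "ldaps"
            elif ssl == "start_tls":
                result[uri] = "starttls"
            else:
                result[uri] = "cleartext"  # bind DN and password are readable on the wire
    return result


def cleartext_uris(text):
    """Return the URIs whose binds would not be protected by TLS."""
    return [u for u, t in bind_transport(text).items() if t == "cleartext"]


if __name__ == "__main__":
    for uri, transport in bind_transport(NSLCD_CONF).items():
        print(f"{uri}: {transport}")
```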

Re: Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/27 18:21:22
by TrevorH
Try adding the -x switch to your ldapsearch command.

Re: Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/27 20:14:04
by bratan
Same error :(
I'm missing something...

Re: Configuring OpenLDAP Client (slapd.conf missing)

Posted: 2012/11/27 23:23:51
by TrevorH
So this works for me:

Edit /etc/openldap/ldap.conf and add URI ldap://your.domain.controller

Run `ldapsearch -x -W -D "myemailaddress@mydomain.com" -LLL