Configuring OpenLDAP Client (slapd.conf missing)

bratan
Posts: 3
Joined: 2012/11/26 16:35:54

Post by bratan » 2012/11/26 16:41:09

Hi. I'm new to both CentOS and OpenLDAP.
I just need to configure very basic authentication with existing AD (Windows) for FTP users.
I've installed OpenLDAP client but cannot get it working.
All tutorials and even official CentOS docs talk about editing slapd.conf file. But I don't have this file :(
I think it was deprecated. So where would I add "rootdn" user? /etc/openldap/ldap.conf ?

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Post by TrevorH » 2012/11/26 21:07:49

The slapd.conf file belongs to an openldap server, not a client. You need to look at /etc/openldap/ldap.conf and /etc/pam_ldap.conf and /etc/nslcd.conf (assuming you are running CentOS 6). If you're using SSL or STARTTLS then you will also need a copy of the CA certificate (if the server cert is not signed by a recognised CA) in /etc/openldap/certs. Configure those files first and test it with the ldapsearch command to see if it works.

Post by bratan » 2012/11/27 15:16:21

Thank you! Now it starts making more sense to me! I'm not using SSL.
I'm still getting an error when performing ldapsearch:
ldapsearch -D "cn=someuser,dc=rr,dc=local" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)


My Windows AD server is prod.rr.local, I added it to hosts file so it can be resolved. AD administrative user is for example "someuser".
This is what I have in /etc/openldap/ldap.conf:
URI ldap://prod.rr.local/
BASE dc=rr,dc=local

in /etc/pam_ldap.conf I have:
base dc=rr,dc=local
rootbinddn cn=someuser,dc=rr,dc=local (Not sure if I needed this line?)

in /etc/nslcd.conf:

uri ldap://prod.rr.local
base dc=rr,dc=local
ssl no
tls_cacertdir /etc/openldap/cacerts

Is this all I need to be able to perform the ldapsearch command?

Post by TrevorH » 2012/11/27 18:21:22

Try adding the -x switch to your ldapsearch command.

Post by bratan » 2012/11/27 20:14:04

Same error :(
I'm missing something...

Post by TrevorH » 2012/11/27 23:23:51

So this works for me:

Edit /etc/openldap/ldap.conf and add URI ldap://your.domain.controller

Run `ldapsearch -x -W -D "myemailaddress@mydomain.com" -LLL`

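An added example, not part of any post in this thread: it derives the user@domain bind identity used in the last post from the BASE line of ldap.conf and prints an ldapsearch command that looks up the account's actual DN, which is what a DN-style `-D` or `rootbinddn` has to match exactly. It assumes the account's UPN suffix equals the DNS domain implied by the base DN; the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample config is constructed from the
# values quoted in the posts; function names are hypothetical.
SAMPLE_LDAP_CONF='# constructed sample
URI ldap://prod.rr.local/
BASE dc=rr,dc=local'

# Read an ldap.conf-style file on stdin, print the value of keyword $1.
conf_value() {
    awk -v key="$1" 'toupper($1) == toupper(key) { print $2; exit }'
}

# dc=rr,dc=local -> rr.local. Refuses bases containing non-dc components.
base_to_domain() {
    local base="$1" out="" part
    local IFS=','
    for part in $base; do
        part="${part# }"
        case "$part" in
            [dD][cC]=?*) out="${out:+$out.}${part#*=}" ;;
            *) echo "unsupported base DN component: $part" >&2; return 1 ;;
        esac
    done
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Assumption: the account's UPN suffix equals the DNS domain of the base DN.
ad_bind_upn() {
    local domain
    domain="$(base_to_domain "$2")" || return 1
    printf '%s@%s\n' "$1" "$domain"
}

# Print (do not run) an ldapsearch call that binds as the UPN and asks the
# directory for the account's real DN via its sAMAccountName.
ad_lookup_cmd() {
    local user="$1" conf="$2" uri base upn
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "unexpected characters in user" >&2; return 1 ;;
    esac
    uri="$(printf '%s\n' "$conf" | conf_value URI)"
    base="$(printf '%s\n' "$conf" | conf_value BASE)"
    upn="$(ad_bind_upn "$user" "$base")" || return 1
    printf 'ldapsearch -x -W -H %s -D "%s" -b "%s" -LLL "(sAMAccountName=%s)" dn\n' \
        "$uri" "$upn" "$base" "$user"
}

ad_lookup_cmd someuser "$SAMPLE_LDAP_CONF"
```

With `-x` over a plain `ldap://` URI the bind password crosses the network unencrypted, so the TLS settings and CA certificate mentioned earlier in the thread matter once this moves beyond a test.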