CentOS 5 Server :: Openldap Security SSL ?

Feb 2, 2011

I configured OpenLdap and now I want to configure it using TLS-SSL

But I cannot get it working with the Linux clients. Environment: Centos 5.5

Openldap Server configuration:


CentOS 5 Server :: How To Install OpenLDAP

Nov 23, 2009

I want to build a domain like abc.com in my LAN environment. Kindly tell me step by step procedure of installing OpenLDAP on CentOS 5.3.


Security :: Setup A Kerberos + OpenLDAP Server To Manage Users For Our Samba Shares

Feb 13, 2011

Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.

I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.

When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.


CentOS 5 Server :: Openldap Acl Not Working As Expected?

Jun 22, 2009

CentOS 5.2. Openldap server-2.3.27-8.el5_2.4 I'm trying to get the server to do two things. One is allow authentication--that is, if a client is configured to use openldap for authentication, it should be able to access this server.

In other words, on machine_2, a client, doing getent passwd (as a quick test) will show the users in the openldap database. The more or less out of the box configuration works for this. However, as soon as I start trying to add ACLs, it stops working. For example, I want to restrict access to an address book which is also in the database. So I have

access to base.dn "ou=addressbook,dc=example, dc=com" (changing base to subtree makes no difference)
by users read
by anonymous auth

Now, even though this is just the address book, after that, an ldap client can no longer get the names of users in ou=People, and using the ldap server for authentication doesn't work.

I don't understand what I'm missing. ACLs are supposed to work first match wins. *IF* I add under that, access to * by * read, it will work, but the address book can then be accessed without a bind dn.

I am not sure what I'm overlooking. If I put in any sort of access control, the only way that clients can continue to use the server for authentication is adding that access to * (or to "dc=example,dc=com"), by * read. I tried using access to ou=Group and ou=People by * read, thinking that would allow the clients to authenticate, but that doesn't work either. The idea is to allow any machine configured as a client to use it for authentication, but also to restrict viewing the address book only to those with a proper bind dn name.


CentOS 5 :: Openldap Client Won't Bind To Server

Jul 2, 2011

I can't get the client server to authenticate to the openldap server. I can authenticate on the server itself though. I can su to, login and ssh into the openldap server and become an ldap user. I just can't become an ldap user on the client. I didn't set up TLS/SSL. I can do that after I have it working. I'm using hashed passwords though. I don't have replication set up. I'm trying to set up the most basic openldap environment, then build from there. I have read the openldap section in the admin guide.

My setup at home.

Openldap server - light.deathnote.net - 10.0.1.21
client server - vm-centos01.deathnote.net - 10.0.1.7 (VM on VirtualBox)
VirtualBox host - L (OS: Mac) - 10.0.1.2
router (Apple AirPort Extreme) / default gateway - 10.0.1.1

All computers can reach the internet and ping each other. When I installed CentOS I disabled SELinux. I used these guides to set up my openldap.

[URL]

Below I have included some output from the files I'm using with openldap.

[root@vm-centos01 ~]# tail /var/log/messages
Jul 2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server

[code]....


Fedora :: Remove Openldap From Centos Home-server?

Aug 17, 2010

I would like to remove openldap from my Centos home-server..

Centos offers me:

Removing:
openldap i386 2.3.43-12.el5_5.2 installed 592 k
openldap x86_64 2.3.43-12.el5_5.2 installed 598 k

[Code]...

..obviously I'll not remove openldap by this operation.. but my question is: is there another way to remove a single package with yum without "consequences"?


CentOS 5 Server :: Authenticate Windows Users From Openldap?

Apr 30, 2011

Friends, is there some way to authenticate Microsoft Windows users from openldap running on CentOS? I will be very thankful if you provide me a step by step procedure.


Security :: OpenLDAP / NSS / PAM Produce Logs Of Failed Login Attempts?

Feb 16, 2011

I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user? Below is an explanation; any ideas would be appreciated, as I think everything is set up as per the various articles on using LDAP.

I have a CentOS 5.5 OpenLDAP server, and several others; some host services, some are file shares (samba). So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball. Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:

Installed OpenLDAP server/client on host (plus nss_ldap).
Configured /etc/openldap/slapd.conf (see below)
Configured /etc/openldap/ldap.conf (see below)

[code]...


CentOS 5 Networking :: OpenLDAP + TLS Works But Is Very Slow?

Aug 1, 2009

I've just installed my first OpenLdap + TLS + Samba + Webmin box. Everything seems to work, but when I try to open the Ldap User and Group module from Webmin, it takes about 3 minutes, but it works. When I use $ getent passwd or $ getent group to see if everything works okay, it also takes ages but does not show my ldap users... Here's my spec

$ cat /proc/version
Linux version 2.6.18-128.2.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Tue Jul 14 06:36:37 EDT 2009


CentOS 5 :: Configure Error While Installing Openldap

Mar 22, 2010

I am facing the following error when I'm trying to install openldap and run the ./configure command.

./configure
Configuring OpenLDAP 2.4.21-Release ...
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu

[Code]...


CentOS 5 Networking :: OpenLDAP And Samba PDC Setup?

Dec 17, 2010

I have set up OpenLDAP+Samba PDC. When I create a user and group -> Errors.
smbldap-group -a admin
No such object at /usr/sbin/smbldap_tools.pm line 457
smbldap-useradd -am -g admin admin
Could not find base dn, to get next uidNumber at /usr/sbin/smbldap_tools.pm line 1192


Server :: OpenLDAP And TLS-SSL ?

Jan 25, 2011

I configured my openldap, but now I want to implement SSL-TLS.

This is my basic slapd.conf configuration

Code:

And I created this script (simple, I know) to create this TLS/SSL config, but it won't work; users cannot login.

path where I am moving certs: /etc/openldap/cacerts

Code:

As you see, I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy the cert to a client PC.

On the client side I use authconfig-tui.

My environment is CentOS 5.5.

What is wrong in my config?


Fedora :: Error: Package Openldap-2.4.21-6.fc13.x86_64 (which Is Newer Than Openldap-2.4.21-4.fc13.i686

Jun 8, 2010

Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in
Transaction Check Error:
package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed
package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed


CentOS 5 :: OpenLdap First Start: Bdb_db_open: Warning - No DB_CONFIG File Found

Feb 22, 2009

I'm stepping out with LDAP for the first time. It's up and running. My question is really closer to DB4, the Berkeley database. When I start the ldap service I get this output:

# service ldap restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=example,dc=com.
config file testing succeeded


Server :: Add A New Schema To Openldap 2.4.11?

Jan 28, 2009

Openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .

How do I add a new schema to openldap 2.4.11 that uses cn=config?


Server :: Openldap And Self Authentication?

Aug 24, 2010

I was thinking of merging my openldap and samba bdc servers. Is it ok for a server to authenticate against itself? (i.e. ldap.conf points to localhost)


Server :: OpenLDAP Configuration On Red Hat 5.4?

Jul 13, 2011

I have a RHEL 5.4 server installed in a server farm. The server is administered under a central AD, which means that administrators are registered in the AD.

However, I have to deploy an application on the Linux server that will use its own OpenLDAP server. This means that this application will be the client to the LDAP server installed on the same RHEL server.

I tried installing OpenLDAP using yum and it resulted in a very fatal issue. Somehow the configuration files used for finding the Linux server from the AD were overwritten and the Linux server was not reachable anymore.

After some investigations, and possibly, rebuild, the server has been handed over to me.

The problem is how I should install OpenLDAP so that the existing connection to AD is not lost.

On the Linux server I see an /etc/openldap directory, but it only contains ldap.conf and a cacerts directory.


Server :: Cannot Map SASL DN To OpenLDAP's DN

Jul 27, 2011

I am having some trouble with Cyrus SASL and OpenLDAP. I tried to configure OpenLDAP using SASL for all connections, but I cannot map the SASL-DN to OpenLDAP's DN. Below is my configuration file, slapd.conf

[code]...

After I finished the configuration, I try to use ldapsearch tool to verify, but I cannot:

[code]...


Server :: Openldap Client Fails To Connect Ldap Server 'ldap_bind - Can't Contact LDAP Server

Sep 28, 2010

Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.

Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:

ldapsrv is pingable:

Some outputs:


Server :: OPENLDAP Client Integration With Server

Aug 27, 2010

I've configured an OPENLDAP server on CentOS 5.3. Well, everything is working fine. All the users have been added to the database. The database is bdb in the ldap configuration. Now the client machine is on Windows XP. How do I integrate Windows XP with the LDAP server for authentication?


Server :: Configure Netgroup In Openldap?

Jan 31, 2011

I want to configure Netgroup in openldap. I am using Redhat Linux 5.5.


Server :: OpenLDAP - Changing DN Format?

Apr 30, 2010

I currently have an OpenLDAP server where every time I add a new user their DN looks like this:
DN: cn=username,ou=people,dc=domainname,dc=com
Is there any way I can change their DN to be in the following format?
username@domainname.com


Server :: Ubuntu 10.0.4 LTS Openldap Configuration

Aug 5, 2010

I'm having many problems trying to configure openldap on Ubuntu 10.0.4 LTS.
I have tried many tutorials, many configurations, but still without results. I made the following script (to avoid repeating the same work again & again):

Code:
#!/bin/sh
passwd=xxxxxx
dc1=host
dc2=com

[Code]....


Security :: Best IDS For Server (centos)?

Apr 8, 2010

I had two continuous attacks on our server (web hosting cPanel)... The attacker is deleting one user's public_html content so that he is losing his contents. Actually all files are with owner as him. But I don't know what's happening? Is it a good idea to use some IDS on the server? Would it be an overhead for the server?


Fedora Servers :: How To Configure OpenLDAP Server

Jun 8, 2009

I am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.


Networking :: Extend The Directory To OpenLDAP Server And Mac

Apr 13, 2010

I am systems administrator of the university CS lab. I have a Mac here and I'm trying to extend the directory to our OpenLDAP server. We use NFS as well. I know nothing of Macs in this respect except for the fact that they already have LDAP on them, which seems to be convenient.


Server :: Openldap 2.3.43 Directory Read Only User?

Mar 8, 2011

I have no ACLs in place yet but want to use a user called ldap-auth-user to bind to the ldap server's directory from the client servers. However I keep on getting an ldap_bind: Invalid credentials (49) error. I know the UserPassword is correct because I can log into a server using that id and password through the LDAP directory. I am guessing it has something to do with the way I created the account.

This Works:

ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=testuser' -W

This Doesn't:

ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W

Here is the ldap-auth-user's entry in the directory:

[root@ldap-build-01 ~]# ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=ldap-auth-user' -W
Enter LDAP Password:
# extended LDIF

[code]....


Server :: Openldap And Samba As Domain Controller?

Feb 13, 2010

I have configured Samba as a file server in Fedora 11; it works fine for both Windows and Linux machines. But I want to configure LDAP and Samba as a domain controller. Googled a lot on the internet; everything is confusing me.


Server :: OpenLDAP Authentication - Unable To Login?

Dec 22, 2010

I have configured an ldap server and am trying to login to the same ldap server using an ldap user. However, I am not able to login and am getting the following in /var/log/secure:

Dec 22 20:06:29 redhat5 sshd[7241]: Invalid user ldapu1 from 192.168.85.1
Dec 22 20:06:31 redhat5 sshd[7242]: input_userauth_request: invalid user ldapu1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.85.1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_succeed_if(sshd:auth): error retrieving information about user ldapu1
Dec 22 20:06:39 redhat5 sshd[7241]: Failed password for invalid user ldapu1 from 192.168.85.1 port 4461 ssh2

I can see that if I use ldapsearch with the same filter, I am not able to locate the user "ldapu1". However, if I change the filter to "(|(objectClass=posixAccount)(uid=ldapu1))", it shows me the ldap user:
[root@redhat5 ~]# ldapsearch -x -b "ou=Users,dc=homeldap,dc=com" -D "cn=Manager,dc=homeldap,dc=com" -W -H "ldap://127.0.0.1/" "(|(objectClass=posixAccount)(uid=ldapu1))"
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <ou=Users,dc=homeldap,dc=com> with scope subtree
# filter: (|(objectClass=posixAccount)(uid=ldapu1))
# requesting: ALL

# ldapu1, Users, homeldap.com
dn: cn=ldapu1,ou=Users,dc=homeldap,dc=com
objectClass: inetOrgPerson
cn: ldapu1
sn: ldapu1
uid: ldapu1
userPassword:: bGRhcHV1MQ==

# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

Where have I made a mistake?
- Is it necessary to create an account on the Linux box and then migrate it to ldap?
- I was just wondering if I can somehow change the default filter from AND to OR at the time of login. I used "pam_filter |objectClass=inetOrgPerson" in ldap.conf. However, it didn't change the filter.


Server :: OpenLDAP : Bdb_substring_candidates: (telephoneNumber) Not Indexed?

Jul 27, 2011

I'm getting the following notice in slapd.conf when looking up a phone number to get the name of this contact:

Code:
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 fd=16 ACCEPT from IP=XX.XX.231.181:2898 (IP=0.0.0.0:389)
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 BIND dn="cn=110305,ou=110305,dc=myldap" method=128
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 BIND dn="cn=110305,ou=110305,dc=myldap" mech=SIMPLE ssf=0
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 RESULT tag=97 err=0 text=
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=1 SRCH base="dc=myldap" scope=2 deref=0 filter="(&(telephoneNumber=32777300999*)(sn=*))"

[Code]...
