LDAP Proxy


DOCS

Doesn't Work

OpenLDAP Proxy

File Examples

testcache.sh

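#!/usr/bin/env bash
# testcache.sh - send one search through the local proxy so the pcache overlay
# fills; run it twice and compare what reaches the upstream server.
set -euo pipefail

# Disables server-certificate verification for any TLS session this client
# opens. Acceptable for this lab test against 127.0.0.1 only; the default
# ("demand") with a trusted CA is the setting to use elsewhere.
export LDAPTLS_REQCERT=never

# Values may be overridden from the environment; the defaults are the originals.
userdn="${userdn:-CN=myuser,OU=Domain Users,DC=example,DC=com}"
userpass="${userpass:-XXXXX}"
ldaphost="${ldaphost:-127.0.0.1}"
# basedn was used but never assigned in the original script (an empty search
# base); default to the proxy's suffix.
basedn="${basedn:-DC=example,DC=com}"

command -v ldapsearch >/dev/null 2>&1 || {
  printf 'ldapsearch not found in PATH\n' >&2
  exit 1
}

# -H replaces the deprecated -h; plain ldap:// on port 389 to the local proxy.
# NOTE: -w puts the password in argv (visible in ps and shell history); outside
# a throwaway test prefer -W (prompt) or -y <file>.
ldapsearch -H "ldap://${ldaphost}" -x \
  -D "${userdn}" -w "${userpass}" \
  -b "${basedn}" \
  "(&(sn=Busk*)(givenName=Jeremy))" \
  mail telephoneNumber givenName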

/etc/ldap/slapd.conf

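# slapd.conf for an OpenLDAP proxy: back-ldap forwards to ldap.example.com,
# slapo-pcache keeps answers to matching queries in a local hdb database.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# "none" leaves no record of binds or searches on the proxy; "stats" logs one
# line per operation and is the usual minimum for an audit trail.
loglevel        none
modulepath      /usr/lib/ldap
moduleload      back_ldap.la
moduleload      back_hdb.la
# rwm and memberof are loaded but no rwm/memberof overlay is configured below.
moduleload      rwm
moduleload      pcache.la
moduleload memberof.la
sizelimit 500
tool-threads 1
backend         ldap
database                ldap
# The proxy refuses write operations regardless of upstream permissions.
readonly        yes
protocol-version  3
# The proxy binds upstream with the client's own credentials, so the upstream
# server sees the real user. Those credentials travel over the "uri" connection.
rebind-as-user
norefs  yes
chase-referrals no


# Plain ldap:// to the upstream server: forwarded simple binds cross this hop
# in clear. back-ldap's "tls start" or an ldaps:// URI would protect it.
uri "ldap://ldap.example.com:389"
suffix          "dc=example,dc=com"
# NOTE(review): this DN parses as RDN "cn=dc=example" under "dc=com", i.e. not
# under the suffix; presumably a DN inside dc=example,dc=com was intended.
rootdn          "cn=dc=example,dc=com"



overlay pcache
# Per slapo-pcache(5): <database> <max_entries> <numattrsets> <entry_limit>
# <cc_period>; only attrset 0 is defined below.
pcache hdb 100000 3 1000 100
# Cached entries survive a restart: they sit on disk under "directory" with the
# proxy's file permissions, and cached answers are served by the proxy itself,
# so upstream access controls no longer apply to them - confirm local ACLs
# before exposing this to more than one user.
pcachePersist TRUE
directory       "/var/lib/ldap"
pcacheAttrset  0 mail postaladdress telephonenumber givenName
# Templates: <filter template> <attrset index> <ttl seconds>. The first one
# matches the filter used by testcache.sh. A duplicate of it was removed.
pcacheTemplate (&(sn=)(givenName=)) 0 3600
pcacheTemplate (sn=) 0 3600
pcacheTemplate (&(departmentNumber=)(secretary=*)) 0 3600

# hdb settings for the cache database (entry cache size and indexes).
cachesize 20
index       objectClass eq
index       cn,sn,uid,mail  pres,eq,sub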

/etc/default/slapd

# /etc/default/slapd: point the service at the flat slapd.conf above instead of
# the cn=config directory.
SLAPD_CONF="/etc/ldap/slapd.conf"

Test and Start

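# Validate the configuration first; the restart only runs when slaptest exits 0,
# so a broken slapd.conf cannot take the running proxy down. In the original
# the restart ran unconditionally.
slaptest -v -f /etc/ldap/slapd.conf && sudo systemctl restart slapd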

pcap - notice that for the second query only the bind (auth) credentials are passed upstream, because the matching query response is cached for the TTL you set (1 hour)

# Capture the proxy -> upstream hop on eth0 while testcache.sh talks to the
# proxy on 127.0.0.1. First run: bind and search both go upstream; on a cache
# hit only the bind does. Port 389 is plaintext LDAP, so this dump contains the
# forwarded simple-bind password in clear - handle the capture file accordingly.
ngrep -d eth0 port 389