OpenLDAP integration with OpenVPN
I'm planning to install OpenLDAP in our network so as to have a single sign-on feature for all our internal apps.
I do, however, already have OpenVPN set up in the network. Is it possible to integrate OpenVPN with OpenLDAP? If so, how can this be done? Will OpenLDAP allow me to auto-populate my user credentials from OpenVPN's records? Any help is much appreciated. Cheers! DB
Well, there is this: http://code.google.com/p/openvpn-auth-ldap/
I'm not exactly sure how OpenVPN works, but if you can use PAM for authentication/authorization, then you can use OpenLDAP.
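For the plugin route mentioned above, this is roughly what the two pieces of configuration look like. It is an added example, not code from the thread or from the openvpn-auth-ldap project itself; the file paths, hostname, DNs, group name and CA file are assumptions, and the directive names follow the plugin's README.

```text
# /etc/openvpn/server.conf  (added lines only; plugin path is an assumption)
# The plugin checks the username/password the client sends with "auth-user-pass".
# Keep the client certificate requirement as a second factor: do NOT add
# "client-cert-not-required" or "verify-client-cert none" just because LDAP works.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf

# /etc/openvpn/auth-ldap.conf  (chmod 600, root-only: it holds the bind password)
<LDAP>
    # Use LDAPS (or TLSEnable yes for STARTTLS over ldap://); never send binds in clear.
    URL             ldaps://ldap.example.internal
    BindDN          cn=openvpn,ou=Services,dc=example,dc=internal
    Password        change-me-service-account-password
    Timeout         15
    TLSEnable       no
    FollowReferrals no
    TLSCACertFile   /etc/ssl/certs/internal-ca.pem
</LDAP>

<Authorization>
    # %u is replaced with the username the VPN client supplied.
    BaseDN          "ou=People,dc=example,dc=internal"
    SearchFilter    "(&(uid=%u)(objectClass=posixAccount))"
    # Only members of the VPN group may connect, not every account in the directory.
    RequireGroup    true
    <Group>
        BaseDN          "ou=Groups,dc=example,dc=internal"
        SearchFilter    "(cn=vpn-users)"
        MemberAttribute uniqueMember
    </Group>
</Authorization>
```

The service account in BindDN only needs read access to the People and Groups subtrees; the plugin binds as that account to find the user's DN, then re-binds as the user with the supplied password, so the user's password hash never leaves slapd. The PAM alternative works the same way from OpenVPN's side (its bundled openvpn-plugin-auth-pam.so with a /etc/pam.d/openvpn stack that uses pam_ldap), but then every box that runs OpenVPN also has to carry the PAM/LDAP client setup.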
I have followed the docs posted on OpenLDAP but have no clue how I can create users within LDAP and test to see if it works... I was hoping to populate this by copying whatever's in my OpenVPN, but if I need to do it from scratch, then that's fine as well. Please advise.
So on the OpenLDAP server I can pretty much add my LDAP users by using the basic "useradd" command? i.e.

    ldapserver# useradd ldapuser1

How do I tell it to use OpenLDAP so the user "ldapuser1" can authenticate throughout our network servers/services? I've read the documentation and it got me confused, since it doesn't really explain how it works from a user's perspective (logging in, authenticating, etc.)... I know in a Windows domain it authenticates as part of an AD structure, but how does it work with OpenLDAP? DB :(
This is a really good howto on OpenLDAP: http://www.linuxhomenetworking.com/w...DAP_and_RADIUS
Another article: http://www.linuxtopia.org/online_boo...monsutils.html
Both those 'books' also cover VPNs. HTH
Please advise. Thanks!
I'm sorry, I don't remember all of the schema off the top of my head. I haven't played around with LDAP in a while and I don't currently have a running LDAP server to toy with. I can suggest Apache Directory Studio, though. It's a GUI and will connect to an OpenLDAP server. I found it to be a lot of help when I was first learning. Also, the guys in #openldap (and #ldap) on Freenode are very helpful.
You can create a users DN in your tree and start by seeing how your root/admin account is set up.
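To make the "create a users DN in your tree" step concrete (and to answer the earlier useradd question: LDAP accounts are entries added with ldapadd, not local Unix users), here is an added example that is not from the thread. It builds LDIF for a People OU, one posixAccount user and a groupOfUniqueNames VPN group, then loads it and verifies the bind. The base DN, admin DN, server URL and every name in it are assumptions; match them to the suffix and rootdn in your slapd.conf.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed directory layout:
#   suffix  dc=example,dc=internal      rootdn  cn=admin,dc=example,dc=internal
# Override with environment variables when your tree differs.
BASE_DN="${BASE_DN:-dc=example,dc=internal}"
ADMIN_DN="${ADMIN_DN:-cn=admin,$BASE_DN}"
LDAP_URL="${LDAP_URL:-ldap://localhost}"

# ou_ldif: the two containers the user and group entries live under.
ou_ldif() {
    cat <<EOF
dn: ou=People,$BASE_DN
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$BASE_DN
objectClass: organizationalUnit
ou: Groups
EOF
}

# user_ldif UID UIDNUMBER GIDNUMBER: a Unix-style account entry.
# No userPassword here on purpose: set it with ldappasswd afterwards so the
# hash is generated by slapd and never sits in a file on disk.
# (gidNumber is assumed to point at an existing posixGroup.)
user_ldif() {
    uid=$1; uidnum=$2; gidnum=$3
    cat <<EOF
dn: uid=$uid,ou=People,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $uid
cn: $uid
sn: $uid
uidNumber: $uidnum
gidNumber: $gidnum
homeDirectory: /home/$uid
loginShell: /bin/bash
EOF
}

# group_ldif NAME MEMBER_UID...: members listed by full DN (uniqueMember),
# which is what an openvpn-auth-ldap RequireGroup check can match against.
group_ldif() {
    name=$1; shift
    printf 'dn: cn=%s,ou=Groups,%s\nobjectClass: groupOfUniqueNames\ncn: %s\n' \
        "$name" "$BASE_DN" "$name"
    for m in "$@"; do
        printf 'uniqueMember: uid=%s,ou=People,%s\n' "$m" "$BASE_DN"
    done
}

# build_ldif OUTFILE: everything above in one LDIF, entries separated by blank lines.
build_ldif() {
    out=$1
    { ou_ldif; echo; user_ldif ldapuser1 10001 10001; echo; group_ldif vpn-users ldapuser1; } > "$out"
}

# load_and_test LDIF: needs a reachable slapd and the OpenLDAP client tools.
load_and_test() {
    ldif=$1
    ldapadd -x -H "$LDAP_URL" -D "$ADMIN_DN" -W -f "$ldif"
    # -S prompts for the new password; slapd stores the hash itself.
    ldappasswd -x -H "$LDAP_URL" -D "$ADMIN_DN" -W -S "uid=ldapuser1,ou=People,$BASE_DN"
    # A simple bind as the new user is exactly what PAM/LDAP or the VPN plugin will do.
    ldapwhoami -x -H "$LDAP_URL" -D "uid=ldapuser1,ou=People,$BASE_DN" -W
}

build_ldif "${1:-./users.ldif}"
if [ "${2:-}" = "--load" ]; then
    load_and_test "${1:-./users.ldif}"
fi
```

Run it as `sh mkusers.sh users.ldif` to inspect the LDIF first, then `sh mkusers.sh users.ldif --load` against the server. If ldapwhoami prints `dn:uid=ldapuser1,ou=People,...`, the account is usable by anything that binds to the directory; the OpenVPN plugin or pam_ldap is then just another such client.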
I followed the instructions and used the migration tools available. However, I got these script errors after running this command:

    /usr/share/openldap/migration/migrate_all_offline.sh
    Creating naming context entries...
    Migrating aliases...
    Migrating groups...
    Migrating hosts...
    Migrating networks...
    Migrating users...
    Migrating protocols...
    Migrating rpcs...
    Migrating services...
    Migrating netgroups...
    Importing into LDAP...
    Migrating netgroups (by user)...
    Migrating netgroups (by host)...
    Preparing LDAP database...
    /etc/ldap/slapd.conf: line 107: rootdn is always granted unlimited privileges.
    /etc/ldap/slapd.conf: line 124: rootdn is always granted unlimited privileges.
    hdb_db_open: database "dc=nodomain": unclean shutdown detected; attempting recovery.
    bdb(dc=nodomain): Ignoring log file: /var/lib/ldap/log.0000000001: unsupported log version 14
    bdb(dc=nodomain): Invalid log file: log.0000000001: Invalid argument
    bdb(dc=nodomain): PANIC: Invalid argument
    bdb(dc=nodomain): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
    hdb_db_open: database "dc=nodomain" cannot be recovered, err -30978. Restore from backup!
    bdb(dc=nodomain): txn_checkpoint interface requires an environment configured for the transaction subsystem
    bdb_db_close: database "dc=nodomain": txn_checkpoint failed: Invalid argument (22).
    backend_startup_one: bi_db_open failed! (-30978)
    slap_startup failed
    Migration failed: saving failed LDIF to /tmp/nis.7022.ldif