LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 09-15-2009, 10:30 PM   #1
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Rep: Reputation: 30
OpenLDAP integration with OpenVPN


I'm planning to install openLDAP in our network so as to have a single sign-on feature for all our internal apps.

I do however have openvpn already set up in the network.

Is it possible to integrate openVPN with openLDAP?

If so, how can this be done?

Will openLDAP allow me to auto-populate my user credentials coming from openVPN's records?

Any help is much appreciated.

Cheers!
DB
 
Old 09-16-2009, 10:16 AM   #2
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 65
Well, there is this: http://code.google.com/p/openvpn-auth-ldap/

I'm not exactly sure how OpenVPN works, but if you can use PAM for authentication/authorization, then you can use OpenLDAP.
 
Old 09-21-2009, 03:34 PM   #3
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Meson
Well, there is this: http://code.google.com/p/openvpn-auth-ldap/

I'm not exactly sure how OpenVPN works, but if you can use PAM for authentication/authorization, then you can use OpenLDAP.
Before I go further, I need to know how to populate or create my database with my users' credentials in order to test whether authentication works.

I have followed the docs posted for openLDAP but still have no clue how to create users within LDAP and test whether it works...

I was hoping to populate this by copying whatever's in my openVPN, but if I need to do it from scratch, then that's fine as well.

Please advise.
 
Old 09-21-2009, 06:13 PM   #4
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 65
Quote:
Originally Posted by deibertine
I have followed the docs posted for openLDAP but still have no clue how to create users within LDAP and test whether it works...
Have you used OpenLDAP before? It's extremely flexible. You can pretty much do whatever you want to "create" a user. That being said, there are certain objectclasses which are helpful. I think posixAccount and the userPassword attribute might be nice =). Make sure you choose a secure hashing method for the password, http://www.openldap.org/doc/admin24/...word%20Storage see SSHA.
 
Old 09-21-2009, 11:38 PM   #5
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Meson
Have you used OpenLDAP before? It's extremely flexible. You can pretty much do whatever you want to "create" a user. That being said, there are certain objectclasses which are helpful. I think posixAccount and the userPassword attribute might be nice =). Make sure you choose a secure hashing method for the password, http://www.openldap.org/doc/admin24/...word%20Storage see SSHA.
No, this would be the first time configuring/implementing openLDAP for me. :-(

So on the openLDAP server I can pretty much add my ldap users by using the basic "useradd" command?
i.e. ldapserver# useradd ldapuser1

How do I tell it to use openLDAP so the user "ldapuser1" can authenticate throughout our network servers/services?

I've read the documentation and it got me confused since it doesn't really explain how it works from a user perspective (logging in, authenticating, etc.)... I know in a Windows domain it authenticates as part of an AD structure, but how does it work with openLDAP?

DB
 
Old 09-22-2009, 12:33 AM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,076

Rep: Reputation: 1983
This is a really good howto on OpenLDAP http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Another article http://www.linuxtopia.org/online_boo...monsutils.html


Both those 'books' also cover VPNs.
HTH
 
Old 09-22-2009, 01:29 AM   #7
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 65
Quote:
Originally Posted by deibertine
i.e. ldapserver# useradd ldapuser1
That is a whole 'nother can of worms. I think you want native LDAP users, not system users.
 
Old 09-22-2009, 11:51 AM   #8
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Meson
That is a whole 'nother can of worms. I think you want native LDAP users, not system users.
OK, so how do I populate users and have them recognized in my openLDAP?

Please advise.

Thanks!
 
Old 09-22-2009, 02:11 PM   #9
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 65
I'm sorry, I don't remember all of the schema off the top of my head. I haven't played around with ldap in a while and I don't currently have a running ldap server to toy with. I can suggest Apache Directory Studio though. It's a GUI and will connect to an OpenLDAP server. I found it to be a lot of help when I was first learning. Also, the guys in #openldap (and #ldap) on freenode are very helpful.

You can create a users dn in your tree and start by seeing how your root/admin account is setup.
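
As an added example (not code from this thread, and not the openvpn-auth-ldap project's own code), the script below does the two things the posts above describe: it builds the LDIF for native LDAP users (posixAccount entries under a People OU with an {SSHA} userPassword, the scheme Meson points at), and it then replays in-process the check that an auth-ldap style plugin performs when OpenVPN hands it a username and password: bind with a service account, search for the uid under the people base, bind as the entry that was found, and require membership of a VPN group. The suffix dc=example,dc=com, the People/Groups OUs, the cn=openvpn service account, the cn=vpn-users group and the two sample users and passwords are all assumptions constructed for the example; slapd and the plugin do the same steps over the network, this code does them against an in-memory copy so it runs offline.

```python
import base64
import hashlib
import hmac
import os

BASE = "dc=example,dc=com"             # assumed suffix; nothing in the thread fixes it
PEOPLE = f"ou=People,{BASE}"
SERVICE_DN = f"cn=openvpn,{BASE}"      # bind account the VPN server uses for the search
SERVICE_PW = "service-secret"          # constructed sample secret
VPN_GROUP = f"cn=vpn-users,ou=Groups,{BASE}"   # only members may connect


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Salted SHA-1 in the {SSHA} form slapd stores (same scheme as slappasswd -h {SSHA})."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Re-hash with the salt carried in the stored value: the check slapd makes on a simple bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # 20-byte SHA-1 digest, then the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def entry(dn: str, **attrs) -> str:
    """One LDIF entry; a list value becomes repeated attribute lines."""
    lines = [f"dn: {dn}"]
    for name, value in attrs.items():
        for v in (value if isinstance(value, list) else [value]):
            lines.append(f"{name}: {v}")
    return "\n".join(lines) + "\n"


def user_entry(uid: str, cn: str, uid_number: int, gid_number: int, password: str) -> str:
    """A native LDAP user (the thread's 'ldapuser1'): posixAccount plus a hashed userPassword."""
    return entry(f"uid={uid},{PEOPLE}", objectClass=["account", "posixAccount"],
                 uid=uid, cn=cn, uidNumber=uid_number, gidNumber=gid_number,
                 homeDirectory=f"/home/{uid}", userPassword=ssha_hash(password))


def build_ldif() -> str:
    """LDIF to feed ldapadd: the two OUs, the service account, two users, the VPN group."""
    return "\n".join([
        entry(PEOPLE, objectClass="organizationalUnit", ou="People"),
        entry(f"ou=Groups,{BASE}", objectClass="organizationalUnit", ou="Groups"),
        entry(SERVICE_DN, objectClass=["organizationalRole", "simpleSecurityObject"],
              cn="openvpn", userPassword=ssha_hash(SERVICE_PW)),
        user_entry("ldapuser1", "LDAP User One", 10001, 10001, "correct-horse"),
        user_entry("ldapuser2", "LDAP User Two", 10002, 10001, "battery-staple"),
        entry(VPN_GROUP, objectClass="posixGroup", cn="vpn-users",
              gidNumber=10001, memberUid=["ldapuser1"]),
    ])


class Directory:
    """In-process stand-in for slapd, loaded from the LDIF above."""
    def __init__(self, ldif: str):
        self.entries = {}
        for block in ldif.strip().split("\n\n"):
            dn, attrs = None, {}
            for line in block.splitlines():
                name, _, value = line.partition(": ")
                if name == "dn":
                    dn = value
                else:
                    attrs.setdefault(name, []).append(value)
            self.entries[dn] = attrs

    def search_uid(self, base: str, uid: str) -> list:
        """Equivalent of SearchFilter (&(uid=%u)(objectClass=posixAccount)) under BaseDN."""
        return [dn for dn, a in self.entries.items()
                if dn.endswith("," + base) and uid in a.get("uid", [])
                and "posixAccount" in a.get("objectClass", [])]

    def simple_bind(self, dn: str, password: str) -> bool:
        """Simple bind. An empty password is an anonymous bind, which a server accepts, so refuse it here."""
        if not password:
            return False
        hashes = self.entries.get(dn, {}).get("userPassword", [])
        return any(ssha_verify(h, password) for h in hashes)


def openvpn_auth(directory: Directory, username: str, password: str) -> str:
    """The sequence an auth-ldap plugin runs per auth-user-pass attempt: bind as the
    service account, find exactly one user, bind as that user, check the group."""
    if not directory.simple_bind(SERVICE_DN, SERVICE_PW):
        return "service bind failed"
    found = directory.search_uid(PEOPLE, username)
    if len(found) != 1:
        return "no unique user"
    if not directory.simple_bind(found[0], password):
        return "bad password"
    if username not in directory.entries.get(VPN_GROUP, {}).get("memberUid", []):
        return "not in vpn-users"
    return "ok"


if __name__ == "__main__":
    print(build_ldif())   # save as users.ldif and load with ldapadd
```

Load the printed LDIF with ldapadd -x -D cn=admin,dc=example,dc=com -W -f users.ldif (substituting your own rootdn from slapd.conf), and check it with ldapwhoami -x -D uid=ldapuser1,ou=People,dc=example,dc=com -W before touching the VPN. On the OpenVPN side the wiring is a plugin line in the server config pointing at the auth-ldap shared object and its config file (the path differs per distribution) plus auth-user-pass in the client config; keep the existing client certificates, the LDAP password is an extra factor, not a replacement for them. The empty-password branch is deliberate: an LDAP simple bind with an empty password is an anonymous bind and succeeds on a default server, so anything that authenticates users by binding must reject an empty password before it reaches the directory.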
 
Old 09-22-2009, 09:47 PM   #10
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chrism01
This is a really good howto on OpenLDAP http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Another article http://www.linuxtopia.org/online_boo...monsutils.html


Both those 'books' also cover VPNs.
HTH
Thanks for the post/links.
I followed the instructions and used the migration tools available.

However, I got these script errors after running this command: /usr/share/openldap/migration/migrate_all_offline.sh

Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Importing into LDAP...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Preparing LDAP database...
/etc/ldap/slapd.conf: line 107: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 124: rootdn is always granted unlimited privileges.
hdb_db_open: database "dc=nodomain": unclean shutdown detected; attempting recovery.
bdb(dc=nodomain): Ignoring log file: /var/lib/ldap/log.0000000001: unsupported log version 14
bdb(dc=nodomain): Invalid log file: log.0000000001: Invalid argument
bdb(dc=nodomain): PANIC: Invalid argument
bdb(dc=nodomain): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
hdb_db_open: database "dc=nodomain" cannot be recovered, err -30978. Restore from backup!
bdb(dc=nodomain): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_close: database "dc=nodomain": txn_checkpoint failed: Invalid argument (22).
backend_startup_one: bi_db_open failed! (-30978)
slap_startup failed
Migration failed: saving failed LDIF to /tmp/nis.7022.ldif
 
  

