OpenLDAP

Information related to OpenLDAP and the TurnKey Linux OpenLDAP appliance.

MemberOf config for OpenLDAP

These resources have been tested and confirmed working on v14.2 TurnKey OpenLDAP appliance. Hopefully they will remain relevant to v15.x as well.

OpenLDAP official docs:
Reverse Group Membership Maintenance

Maarten De Paepe's blog:
How to enable MemberOf using OpenLDAP

OpenLDAP integration with other appliances

[undated - unsure if still relevant?!]

Note: settings in red must be changed according to your setup.

  • OpenLDAP
    • Log into phpLDAPadmin as administrative user
    • Create new user account (PosixAccount) in Users OU
    • Add mail attribute to new account
  • Redmine
    • Log into Redmine as administrative user
    • Click administration -> LDAP authentication
    • Click new authentication mode
      • Name: TurnKey OpenLDAP
      • Host: ldap.turnkeylinux.org
      • Port: 389 (LDAPS not checked) || 636 (LDAPS checked)
      • Base DN: ou=Users,dc=turnkeylinux,dc=org
      • On the fly user creation: (checked)
         
      • Login: uid
      • First name: givenName
      • Last name: sn
      • Email: mail
    • Click save
    • Click test
    • Logout
       
    • Log in as the user created in OpenLDAP
    • Smile...

 

 

Comments

Michael Grate's picture

Michael Grate - Wed, 2013/06/05 - 04:08

It isn't very clear how to configure client side with Turnkey Linux and documentation on the openweb is shotty, even for non-turnkey configurations.

anonymous's picture

anonymous - Wed, 2013/09/04 - 07:48

Yes I agree. How do we connect client side?

peppolon's picture

peppolon - Fri, 2013/12/06 - 12:19

Hi , the appliance work very well.

I need that users in any OU can login without specific your OU, example:

NOT

Login DN: cn=maxrisk,ou=engineer,dc=test,dc=com

But

Login DN: maxrisk

and if possible that the user cannot see all ldap tree but only his account and change only password.

....... I need that users can change your password without administrator do this...

It's Possible ???

 

Thanks

 

 

tgdinesh_babu's picture

tgdinesh_babu - Wed, 2014/02/19 - 11:03

Hi,

Can I create the multiple domain accounts in the single open LDAP server. I'm not able find the way to configure the new/second dc in the turnkey open ldap.

 

Thanks,

Dinesh

kavya's picture

kavya - Mon, 2015/01/12 - 08:26

Hi,

How to enforce user password related policy in turnkey open ldap 13? I found the following ldif content on openldap docs.

       dn: cn=default,ou=policies,dc=example,dc=com
       cn: default
       objectClass: pwdPolicy
       objectClass: person
       objectClass: top
       pwdAllowUserChange: TRUE
       pwdAttribute: userPassword
       pwdCheckQuality: 2
       pwdExpireWarning: 600
       pwdFailureCountInterval: 30
       pwdGraceAuthNLimit: 5
       pwdInHistory: 5
       pwdLockout: TRUE
       pwdLockoutDuration: 0
       pwdMaxAge: 0
       pwdMaxFailure: 5
       pwdMinAge: 0
       pwdMinLength: 5
       pwdMustChange: FALSE
       pwdSafeModify: FALSE
       sn: dummy value

But this has an object class called pwdPolicy which i don't see in turnkey openldap 13. Is there any other way for this?

CJ's picture

CJ - Wed, 2015/05/20 - 23:33

I'd like to have replication setup for backup/DR, and it seemed like older versions of the appliance could do that, is that still true?

Mounir's picture

Mounir - Sat, 2015/05/23 - 18:33

hi,

how can i acced in browser interfaces and thanks.
 

Jon's picture

Jon - Mon, 2016/09/12 - 17:39

Trying to implement LDAP into ownCloud, but getting warnings that the LDAP instance doesn't support MemberOf

Luis F. Gonzalez's picture

Luis F. Gonzalez - Tue, 2017/12/19 - 02:03

Ok - what is Redmine supposed to be?

Meenal's picture

Meenal - Mon, 2018/09/24 - 10:32
I have deployed and configured Turnkey openldap. I am successfully able to perform all the operations. I am getting error while connecting to openldap anonymously with secure connection.  Error Code : 53 (LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed) ldapsearch -D "cn=ldapuser201" -b "dc=gslqa,dc=com" -s sub "(objectclass=*)" ldap_bind: Server is unwilling to perform (53)         additional info: unauthenticated bind (DN with no password) disallowed Need help enabling anonymous binding with secure connection   
Jeremy Davis's picture

Jeremy Davis - Mon, 2018/09/24 - 10:54

By default, our OpenLDAP implmentation shoudl be somewhat locked down, but unfortunately, I'm no expert on OpenLDAP, so I can't directly help.

Having said that, a quick google turned up a couple of posts that may be relevant:

https://unix.stackexchange.com/questions/255061/enable-anonymous-bind-in-openldap

https://serverfault.com/questions/748758/enable-anonymous-bind-in-openldap/748904#748904

https://stackoverflow.com/questions/50497256/how-to-re-enable-anonymous-login-in-openldap

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html#LIMITANON

Also, it's worth keeping in mind that TurnKey v15.x is based on Debian 9/Stretch (v14.x was based on 8/Jessie). Our OpenLDAP applaince has OpenLDAP (slapd) 2.4.44 installed from the Debian repos. So the Debian wiki pages may also be of assistance:

https://wiki.debian.org/LDAP

There is also the OpenLDAP 2.4 Admin guide, specifically the "Authentication Methods" section in the "Security Considerations" page which might also give you some pointers.

Good luck with it all, and please post back with anything of interest that you find.