My team gets a lot of questions from customers about the Centrify LDAP proxy. The main requirement driving the interest is integration of filers with AD for multi-protocol (CIFS and NFS) sharing. We also get requests for integrating LDAP-compliant applications with AD when they do not support LDAP with Kerberos or complex AD environments (think Hadoop).
My colleague @Centrify_Mike published a great definitive guide to the LDAP Proxy here. Mike does a great job of explaining the need for the LDAP Proxy and production rollout recommendations such as how to secure the LDAP Proxy, configuring RFC2307 mappings, etc.
What I wanted to do here is provide a simple guide to installing and getting the LDAP proxy configured in under 1 minute to allow customers to quickly test and validate the solution.
Note: Since we want to simply test, we're turning off security. For production rollout, we highly recommend securing the LDAP Proxy as discussed in Mike's definitive guide.
Here are the 5 steps to quickly install and configure the LDAP Proxy. The system running the LDAP proxy in this example is RHEL 6; if you run the LDAP proxy on a different OS platform, replace the rpm and service commands accordingly:
1) Install the LDAP Proxy - rpm -ivh centrifydc-ldapproxy-5.3.1-rhel4-x86_64.rpm
2) Allow Remote Connections - echo "STARTUP_OPTS=\"-h ldap://\"" >> /etc/sysconfig/centrify-ldapproxy
3) Turn Off security - echo "ldapproxy.require.authc: false" >> /etc/centrifydc/centrifydc.conf
4) Restart Centrify - service centrifydc restart
5) Start the LDAP Proxy - service centrify-ldapproxy start
That is it. Once you install, configure and start the service, make sure it's running:
$ ps -ef | grep slapd$
root 15598 1 0 18:09 ? 00:00:00 /usr/share/centrifydc/libexec/slapd
Lastly, test the LDAP proxy to make sure it's working properly. To test the filer use case, where the filer retrieves UNIX data from the LDAP proxy, the test query below searches for the uidNumber and gidNumber of a user:
# /usr/share/centrifydc/bin/ldapsearch -LLL -h engcen6 -x -p 389 "(&(objectclass=posixAccount)(uid=carmen.santiago))" uid uidNumber gidNumber
dn: cn=Carmen Santiago,ou=Other,ou=Staff,dc=centrify,dc=vms
Remember to secure the LDAP proxy when finished with your testing.
1) Turn ON security - sed -i '/^ldapproxy\.require\.authc: false$/d' /etc/centrifydc/centrifydc.conf
2) Restart Centrify - service centrifydc restart
3) Restart the LDAP Proxy - service centrify-ldapproxy restart
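To confirm that the test setting from step 3 is really gone before the proxy goes back into service, the script below audits the two files edited in this post. It is an added example, not Centrify tooling or code from the original post; the function names are hypothetical, and it assumes centrifydc.conf holds "key: value" lines with '#' starting a comment.

```shell
#!/bin/sh
# Added example: audit the two files this post edits for leftover test settings.
# Assumption: centrifydc.conf holds "key: value" lines and '#' starts a comment.

# Print each active (uncommented) line that disables proxy authentication.
authc_disabled_lines() {   # $1 = path to centrifydc.conf
    grep -nEi '^[[:space:]]*ldapproxy\.require\.authc[[:space:]]*:[[:space:]]*false[[:space:]]*$' "$1"
}

# Print each active STARTUP_OPTS line that passes a -h listener list to slapd.
listener_lines() {         # $1 = path to the centrify-ldapproxy sysconfig file
    grep -nE '^[[:space:]]*STARTUP_OPTS=.*-h[[:space:]]' "$1"
}

# Return 1 while authentication is still disabled, 0 otherwise.
# A remote listener is reported but does not fail the audit, because the
# post leaves it in place after testing.
audit_ldapproxy() {        # $1 = centrifydc.conf, $2 = sysconfig file
    rc=0
    if hits=$(authc_disabled_lines "$1"); then
        echo "FAIL: authentication disabled in $1:"; echo "$hits"; rc=1
    fi
    if [ -f "$2" ] && hits=$(listener_lines "$2"); then
        echo "INFO: remote listener configured in $2:"; echo "$hits"
    fi
    [ "$rc" -eq 0 ] && echo "OK: ldapproxy.require.authc is not set to false"
    return "$rc"
}

# Demo on constructed copies of the files (not real system files).
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'example.other.setting: 1' \
    'ldapproxy.require.authc: false' > "$demo/centrifydc.conf"
printf '%s\n' 'STARTUP_OPTS="-h ldap://"' > "$demo/centrify-ldapproxy"
audit_ldapproxy "$demo/centrifydc.conf" "$demo/centrify-ldapproxy" || true
rm -rf "$demo"
```

On a real host, call audit_ldapproxy with /etc/centrifydc/centrifydc.conf and /etc/sysconfig/centrify-ldapproxy; a non-zero exit status means the proxy still has authentication disabled.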
There you have it. The installation, configuration and testing of the LDAP proxy in under 1 minute.
Happy LDAP proxying!
Technical Director - NA East, LATAM