
The Centrify LDAP Proxy - From Installation to testing in under 1 minute

11 April,19 at 11:51 AM

My team gets a lot of questions from customers on the Centrify LDAP proxy.  The main requirement driving the interest is integration of filers with AD for multi-protocol (CIFS and NFS) sharing.  We also get requests for integrating LDAP-compliant applications with AD when they do not support LDAP with Kerberos or complex AD environments (think Hadoop).


My colleague @Centrify_Mike published a great definitive guide to the LDAP Proxy here.  Mike does a great job of explaining the need for the LDAP Proxy and production rollout recommendations such as how to secure the LDAP Proxy, configuring RFC2307 mappings, etc.


What I wanted to do here is provide a simple guide to installing and getting the LDAP proxy configured in under 1 minute to allow customers to quickly test and validate the solution.  


Note:  Since we want to simply test, we're turning off security.  For production rollout, we highly recommend securing the LDAP Proxy as discussed in Mike's definitive guide.  


Here are the 5 steps to quickly install and configure the LDAP Proxy.  The system running the LDAP proxy in this example is RHEL 6; if you run the LDAP proxy on a different OS platform, replace the rpm and service commands accordingly:


1)    Install the LDAP Proxy   - rpm -ivh centrifydc-ldapproxy-5.3.1-rhel4-x86_64.rpm
2)    Allow Remote Connections - echo "STARTUP_OPTS=\"-h ldap://\"" >> /etc/sysconfig/centrify-ldapproxy
3)    Turn Off security        - echo "ldapproxy.require.authc: false" >> /etc/centrifydc/centrifydc.conf
4)    Restart Centrify         - service centrifydc restart
5)    Start the LDAP Proxy     - service centrify-ldapproxy start

That is it.  Once you install, configure and start the service, make sure it's running:


$ ps -ef | grep slapd$
root      15598      1  0 18:09 ?        00:00:00 /usr/share/centrifydc/libexec/slapd

Lastly, test the LDAP proxy to make sure it's working properly.  To test the filer use case, where the filer retrieves UNIX data from the LDAP proxy, the test query below searches for the uidNumber and gidNumber of a user:


# /usr/share/centrifydc/bin/ldapsearch -LLL -h engcen6 -x -p 389 "(&(objectclass=posixAccount)(uid=carmen.santiago))" uid uidNumber gidNumber
dn: cn=Carmen Santiago,ou=Other,ou=Staff,dc=centrify,dc=vms
gidNumber: 1040191499
uid: carmen.santiago
uidNumber: 1040191499
sAMAccountName: carmen.santiago


Remember to secure the LDAP proxy when finished with your testing.  


1)    Turn ON security         - sed -i '/^ldapproxy\.require\.authc:[[:space:]]*false[[:space:]]*$/d' /etc/centrifydc/centrifydc.conf
2)    Restart Centrify         - service centrifydc restart
3)    Restart the LDAP Proxy   - service centrify-ldapproxy restart
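
To confirm that no test-only setting was left behind, the following added example (not part of the original article or Centrify's tooling) checks the two files edited above.  The function names and exit codes are hypothetical, and it assumes, as the steps above imply, that authentication is required when the setting is absent and that remote connections need the "-h ldap://" option.

```shell
#!/bin/sh
# Added example: look for leftover test-mode LDAP proxy settings.
# Function names and exit codes are hypothetical, not Centrify tooling.

# Succeeds if an uncommented line sets ldapproxy.require.authc to false.
authc_disabled() {
    grep -Eiq '^[[:space:]]*ldapproxy\.require\.authc[[:space:]]*:[[:space:]]*false[[:space:]]*$' "$1"
}

# Succeeds if STARTUP_OPTS passes a "-h ldap://" listener (step 2 above).
remote_listener() {
    grep -Eq '^[[:space:]]*STARTUP_OPTS=.*-h[[:space:]]+ldap://' "$1"
}

# Prints a verdict and returns:
#   0 = authentication required
#   1 = authentication disabled, no remote listener configured
#   2 = authentication disabled and remote connections allowed
audit_ldapproxy() {
    conf=${1:-/etc/centrifydc/centrifydc.conf}
    sysconf=${2:-/etc/sysconfig/centrify-ldapproxy}
    if ! authc_disabled "$conf"; then
        echo "OK: no 'ldapproxy.require.authc: false' in $conf"
        return 0
    fi
    if [ -r "$sysconf" ] && remote_listener "$sysconf"; then
        echo "FAIL: authentication disabled and remote connections allowed"
        return 2
    fi
    echo "WARN: authentication disabled (no remote listener found)"
    return 1
}

# Demo on constructed files (sample content, not a real configuration).
demo=$(mktemp -d)
printf 'example.other.setting: 1\nldapproxy.require.authc: false\n' > "$demo/test.conf"
printf 'example.other.setting: 1\n# ldapproxy.require.authc: false\n' > "$demo/secured.conf"
printf 'STARTUP_OPTS="-h ldap://"\n' > "$demo/sysconfig"
audit_ldapproxy "$demo/test.conf" "$demo/sysconfig" || true      # FAIL
audit_ldapproxy "$demo/secured.conf" "$demo/sysconfig" || true   # OK
rm -rf "$demo"
```

Called with no arguments, audit_ldapproxy reads the two paths used in the steps above.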


There you have it.  The installation, configuration and testing of the LDAP proxy in under 1 minute.


Happy LDAP proxying!


Felderi Santiago

Technical Director - NA East, LATAM