Openldap and Multi-Master Replication in FreeBSD – Part V: TLS/SSL to secure OpenLDAP Data

Using TLS/SSL to secure OpenLDAP Data:

With the advent of NSA snooping, corporate espionage, and general employee mischief, it is time to start using encryption to protect the data streams leaving corporate networks from eavesdropping. LDAP is only one of many protocols for which encryption is necessary; see the diagram below. This article focuses on using TLS/SSL on the connections to and from an OpenLDAP server and its dependent services. It does not cover OpenLDAP ACLs as a means to segregate users and data requiring different levels of encryption, nor SASL and Kerberos as means of securing data; those topics will be covered in a future related article.

ssl-layers image from www.zytrax.com
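As an added example (not code from the original article or the OpenLDAP project), the following Python script performs by hand the StartTLS exchange that a client uses to run TLS on the standard LDAP port: it sends the LDAP ExtendedRequest for the StartTLS OID 1.3.6.1.4.1.1466.20037 (RFC 4511), checks the ExtendedResponse result code, and only then upgrades the socket to a certificate-verified TLS session. The host name, port and CA file are assumptions passed on the command line; `ldap.example.com` is a placeholder.

```python
"""Probe an LDAP server for StartTLS and verify the certificate it presents."""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation


def ber_len(n: int) -> bytes:
    """Encode a BER length in short form (<128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    assert 1 <= message_id <= 127, "single-byte messageID is enough for a probe"
    msg_id = b"\x02" + ber_len(1) + bytes([message_id])                  # INTEGER
    request_name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID   # [0] LDAPOID
    ext_req = b"\x77" + ber_len(len(request_name)) + request_name        # [APPLICATION 23]
    body = msg_id + ext_req
    return b"\x30" + ber_len(len(body)) + body                           # SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes):
    """Return (message_id, result_code, diagnostic) from an ExtendedResponse."""
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, resp, _ = _read_tlv(seq, pos)
    if tag != 0x78:                               # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code, pos = _read_tlv(resp, 0)             # ENUMERATED resultCode
    _, _matched, pos = _read_tlv(resp, pos)       # LDAPDN matchedDN
    _, diag, _ = _read_tlv(resp, pos)             # LDAPString diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection during StartTLS")
        data += chunk
    return data


def _recv_ldap_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        extra = _recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(extra, "big")
        head += extra
    else:
        length = head[1]
    return head + _recv_exact(sock, length)


def starttls_probe(host: str, port: int = 389, cafile=None, timeout: float = 5.0) -> dict:
    """Plaintext LDAP -> StartTLS -> verified TLS; raises on refusal or a bad certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request(1))
        mid, code, diag = parse_extended_response(_recv_ldap_message(sock))
        if mid != 1 or code != 0:
            raise RuntimeError(f"StartTLS refused: resultCode={code} {diag!r}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "subject": dict(rdn[0] for rdn in cert["subject"]),
                    "not_after": cert["notAfter"]}


if __name__ == "__main__":
    import sys
    # Placeholder host and optional CA bundle path; both are assumptions.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    print(starttls_probe(target, cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it as `python3 starttls_probe.py ldap1.example.com /usr/local/etc/openldap/cacert.pem`. A result code other than 0, an untrusted chain or a host-name mismatch all raise, which is the same failure a client with `TLS_REQCERT demand` in ldap.conf would see.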


Openldap and Multi-Master Replication in FreeBSD – Part IV: Name Server Switch Setup

Name Service Switch (nsswitch) using nss-pam-ldapd:

In Part IV, nss-pam-ldapd and /etc/nsswitch.conf are configured so that the OpenLDAP server can supply the user account, group, host name and similar information that would normally come from /etc/passwd, /etc/group or NIS.
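The order of sources in nsswitch.conf matters: `files` should precede `ldap` for passwd and group so that local accounts such as root are answered from /etc/passwd without first waiting on nslcd, and every database expected to come from the directory must actually list `ldap`. As an added example that is not part of the original article, this Python script parses an nsswitch.conf in FreeBSD's `database: source source [action]` syntax and reports those two problems. The sample file contents are constructed here, and the set of databases expected to use ldap (passwd and group by default) is an assumption.

```python
"""Audit /etc/nsswitch.conf for an nss-pam-ldapd setup."""
import os
import re

# Constructed sample (not from the article): ldap was added for group and passwd,
# but group lists ldap before files.
SAMPLE_NSSWITCH = """\
# nsswitch.conf(5) - name service switch configuration file
group: ldap files
group_compat: nis
hosts: files dns
netgroup: compat
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
"""

_ACTION = re.compile(r"\[[^\]]*\]")  # e.g. [notfound=return]


def parse_nsswitch(text: str) -> dict:
    """Map each database to its ordered list of sources, ignoring comments and [action] tokens."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        dbs[db.strip()] = _ACTION.sub(" ", rest).split()
    return dbs


def audit_nsswitch(text: str, expect_ldap=("passwd", "group")) -> list:
    """Return findings worth acting on; an empty list means the file looks right."""
    dbs = parse_nsswitch(text)
    findings = []
    for db in expect_ldap:
        sources = dbs.get(db, [])
        if "ldap" not in sources:
            findings.append(f"{db}: ldap missing, directory accounts will not resolve")
        elif sources[0] != "files":
            findings.append(f"{db}: 'files' should precede 'ldap'")
    return findings


if __name__ == "__main__":
    path = "/etc/nsswitch.conf"
    text = open(path).read() if os.path.exists(path) else SAMPLE_NSSWITCH
    for finding in audit_nsswitch(text) or ["no findings"]:
        print(finding)
```

`getent passwd <ldapuser>` remains the end-to-end check that nslcd is actually answering; the audit only catches the file-level mistakes that make that test fail.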

Openldap and Multi-Master Replication in FreeBSD – Part III: Replication

Replication using Syncrepl N-Way Multi-Master:


In Part II of this series, phpLDAPadmin was installed and configured to manage an OpenLDAP directory. Part III demonstrates OpenLDAP replication using the Syncrepl N-Way Multi-Master configuration.
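A quick health check for an N-way multi-master ring is to compare the contextCSN attribute on each master's suffix entry: every master carries one contextCSN per serverID, and a master whose value for some serverID is older than its peers' has not yet received those changes. The following Python script, added here as an example and not taken from the article, parses the output of `ldapsearch -LLL -s base -b <suffix> contextCSN` from each master and reports which master is behind on which serverID and by how many seconds. The two LDIF samples, the suffix dc=example,dc=com and the names ldap1/ldap2 are constructed for the example.

```python
"""Compare contextCSN values across syncrepl multi-master replicas."""
import re
from datetime import datetime, timezone

# CSN layout: YYYYmmddHHMMSS.ffffffZ#count#serverID#modifier (hex fields)
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

# Constructed ldapsearch output for two masters with serverID 1 and 2.
LDAP1 = """dn: dc=example,dc=com
contextCSN: 20240315101500.123456Z#000000#001#000000
contextCSN: 20240315101455.654321Z#000000#002#000000
"""
LDAP2 = """dn: dc=example,dc=com
contextCSN: 20240315101430.000000Z#000000#001#000000
contextCSN: 20240315101455.654321Z#000000#002#000000
"""


def parse_csn(csn: str) -> tuple:
    """Split a CSN into (timestamp, change_count, serverID, modifier_number)."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a CSN: {csn!r}")
    ts = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone.utc)
    return ts, int(m.group(3), 16), m.group(4).lower(), int(m.group(5), 16)


def context_csns(ldif: str) -> dict:
    """Map serverID -> contextCSN string from an ldapsearch base-scope result."""
    out = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            csn = line.split(":", 1)[1].strip()
            out[parse_csn(csn)[2]] = csn
    return out


def replication_lag(masters: dict) -> list:
    """Return (master, serverID, lag_seconds) for every master behind the newest CSN.

    lag_seconds is None when the master has no contextCSN for that serverID at all.
    CSN strings are fixed width, so string comparison orders them correctly.
    """
    per_master = {name: context_csns(ldif) for name, ldif in masters.items()}
    all_sids = sorted({sid for csns in per_master.values() for sid in csns})
    findings = []
    for sid in all_sids:
        newest = max(csns[sid] for csns in per_master.values() if sid in csns)
        newest_ts = parse_csn(newest)[0]
        for name, csns in sorted(per_master.items()):
            if sid not in csns:
                findings.append((name, sid, None))
            elif csns[sid] < newest:
                lag = (newest_ts - parse_csn(csns[sid])[0]).total_seconds()
                findings.append((name, sid, lag))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: replication_lag.py ldap1=ldap1.ldif ldap2=ldap2.ldif (files hold ldapsearch output);
    # with no arguments the constructed samples are compared.
    inputs = {a.split("=", 1)[0]: open(a.split("=", 1)[1]).read() for a in sys.argv[1:]}
    for master, sid, lag in replication_lag(inputs or {"ldap1": LDAP1, "ldap2": LDAP2}):
        print(f"{master}: serverID {sid} " + ("missing" if lag is None else f"behind by {lag:.3f}s"))
```

A lag that keeps growing, or a serverID missing on one master, points at a broken syncrepl consumer on that master rather than at a slow network, and is the first thing to check before trusting that writes on one master are visible on the others.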

Openldap and Multi-Master Replication in FreeBSD – Part II: PHPLdapAdmin

Managing OpenLDAP with phpLDAPadmin:


In the last article, we demonstrated setting up and configuring a basic OpenLDAP server for authentication. To manage your newly minted OpenLDAP directory, however, a front-end is needed. In this post, Apache 2.4, PHP 5 and phpLDAPadmin will be installed and configured to manage your directory.

Openldap and Multi-Master Replication in FreeBSD – Part I: OpenLDAP

Installing and configuring OpenLDAP:

Part I of this series on OpenLDAP concentrates on configuring a simple OpenLDAP server. Our goal in adopting OpenLDAP is to provide an authentication mechanism for our LAN clients, in particular Mac OS X clients, to log in to the network and work with data on network shares. Additionally, the OpenLDAP installation will use the new mdb backend, built on OpenLDAP's own Lightning Memory-Mapped Database (LMDB), to store directory objects.

Unbound Caching and NSD Local Authoritative Master Slave DNS Server – Part II

NSD – Authoritative DNS Server:

In Part I of our tutorial, Unbound was set up as a caching DNS server for clients on our LAN. When local name resolution is needed, Unbound is configured with a stub-zone to forward those queries to an authoritative DNS server, in this case NSD.

Unbound Caching and NSD Local Authoritative Master Slave DNS Server – Part I

Unbound: Caching DNS Resolver

When FreeBSD 10 removed BIND from the base system, the FreeBSD community felt both a certain uneasiness and relief. Fond as we were of BIND, it was time to move on to an alternative without BIND's complexity, security issues, licensing and feature bloat. For these and other reasons, Unbound was chosen as the caching DNS server and NSD as the authoritative DNS server for local zones. Additionally, redundancy is required since this is a production environment that needs uninterrupted DNS resolution. Our environment will consist of two physical servers, both configured as follows: