
Securing OpenLDAP and AD [Resolved]

We are using OpenLDAP server as a proxy to AD by adding AD as subordinate to OpenLDAP.

I've secured OpenLDAP traffic by using a StartTLS connection. Now I've been told to use the LDAPS protocol for the bind we do to connect to the AD server (we are using simple bind).

So my question is: is it necessary to use LDAPS for communication with AD, as OpenLDAP is already using StartTLS?

I don't have much knowledge about OpenLDAP and AD, so I just wanted suggestions.

I've used the configuration below for adding the backend ldap (Lightweight Directory Access Protocol (Proxy) backend) database.

dn: olcDatabase=ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: ldap
olcSuffix: ou=xyz,dc=xyz,dc=xyz
olcSubordinate: TRUE
olcAccess: to dn.subtree="ou=xyz,dc=xyz,dc=xyz"  by * read
olcAddContentAcl: FALSE
olcLastMod: FALSE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbURI: "ldap://xx.xx.xx.xx"
olcDbStartTLS: none starttls=no
olcDbACLBind: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=xyz,ou=xyz,dc=xyz,dc=xyz" credentials="xxxxxxxxxxxxxxxxxxxxxx"
olcDbIDAssertBind: mode=legacy flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=xyz,ou=xyz,dc=xyz,dc=xyz" credentials="xxxxxxxxxxxxxxxxxxxxxx"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE

Question Credit: Vishal
Asked December 7, 2017
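The two hops of the proxy are independent sessions: StartTLS on the front end only protects the client-to-OpenLDAP leg, while the back-ldap settings above reach AD over plain `ldap://` with `olcDbStartTLS: none`, so the simple-bind credentials in `olcDbACLBind`/`olcDbIDAssertBind` and every proxied query cross the proxy-to-AD leg unencrypted. As an added example (not from the original post), the same back-ldap attributes with the AD leg moved to LDAPS and certificate verification enforced; the hostname and CA file path are placeholders, and `olcDbStartTLS: critical` on port 389 is the StartTLS equivalent if LDAPS on 636 is not available.

```ldif
# Weak (as posted): plaintext connection to AD, TLS not attempted.
# Simple bind sends the proxy account's password in the clear on this hop.
# olcDbURI: "ldap://xx.xx.xx.xx"
# olcDbStartTLS: none starttls=no

# Hardened: LDAPS to the domain controller (hostname is a placeholder and must
# match the DC certificate, so do not use a bare IP here).
dn: olcDatabase={1}ldap,cn=config
changetype: modify
replace: olcDbURI
olcDbURI: "ldaps://dc01.ad.example.com:636"
-
# Mode stays "none" because the ldaps:// scheme already negotiates TLS before
# the bind; the tls_* options still apply to that connection.
# tls_reqcert=demand rejects the connection if the DC certificate does not
# validate against the CA file (placeholder path: your AD CA certificate).
replace: olcDbStartTLS
olcDbStartTLS: none tls_reqcert=demand tls_cacert=/etc/openldap/certs/ad-ca.pem
-
```

Verify the hop independently of slapd with `ldapsearch -H ldaps://dc01.ad.example.com:636 -D "<proxy binddn>" -W -b "" -s base` from the proxy host; a certificate or CA mismatch surfaces there before it surfaces as proxied lookups silently failing.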
