8e6 R3000 Setup when using OpenLDAP for Authentication
Notes:
- OpenLDAP configuration verified in DirSec lab.
- The following changes require 'root' level access to the R3000 appliance (via console).
Modify the contents of the following file:
/usr/local/shadow/etc/ldapgroup/<Dxxxxxxx>/ldapobjectdef.conf
# change following two lines for OpenLDAP -GA
# LDC_LDAP_query_nameattribute_user distinguishedName
# LDC_LDAP_query_nameattribute_group distinguishedName
LDC_LDAP_query_nameattribute_user uid
LDC_LDAP_query_nameattribute_group cn
# change following line for OpenLDAP -GA
# LDC_LDAP_query_name_prefix CN=
LDC_LDAP_query_name_prefix uid=
After ldapobjectdef.conf has been modified, restart the R3000 appliance (or execute the command 'kill.R3000' and wait for the processes to restart at the top of the minute).
Successful Tier3 Authentication Event
sample from OpenLDAP event log (/var/log/slapd.log)
Notes:
- R3000 "account" used for connecting to OpenLDAP Directory Service: "8e6bind"
- end-user username used for authentication: "garretta"
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 BIND anonymous mech=implicit ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 BIND dn="uid=8e6bind,ou=services,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 BIND dn="uid=8e6bind,ou=Services,dc=lab,dc=dirsec,dc=com" mech=SIMPLE ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 RESULT tag=97 err=0 text=
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=5 SRCH base="dc=lab,dc=dirsec,dc=com" scope=2 deref=3 filter="(&(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)(objectClass=person))(uid=garretta))"
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=5 SRCH attr=distinguishedName
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 BIND anonymous mech=implicit ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 BIND dn="uid=garretta,ou=People,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 BIND dn="uid=garretta,ou=People,dc=lab,dc=dirsec,dc=com" mech=SIMPLE ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 RESULT tag=97 err=0 text=
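
The excerpt above shows a bind, search, bind sequence: the R3000 binds as 8e6bind, searches for the user's uid, then binds as the user's DN. The following Python is an added example (not part of the original note or of any 8e6 tooling) that pairs each BIND request in slapd.log with its RESULT and ties end-user binds to the uid searched just before them, so failed logins can be pulled out. The conn=35 lines and the user "testuser" are constructed, and it is an assumption of this example that a failed bind logs only the method=128 line followed by a RESULT with err=49 (invalidCredentials).

```python
import re

# Constructed sample: conn=34 follows the excerpt above; conn=35 is an invented failed login.
SAMPLE = '''\
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 BIND dn="uid=8e6bind,ou=services,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 BIND dn="uid=8e6bind,ou=Services,dc=lab,dc=dirsec,dc=com" mech=SIMPLE ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=4 RESULT tag=97 err=0 text=
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=5 SRCH base="dc=lab,dc=dirsec,dc=com" scope=2 deref=3 filter="(&(objectClass=person)(uid=garretta))"
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 BIND anonymous mech=implicit ssf=0
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 BIND dn="uid=garretta,ou=People,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:16:52 linux1 slapd[31972]: conn=34 op=6 RESULT tag=97 err=0 text=
Jul 29 16:17:10 linux1 slapd[31972]: conn=35 op=0 BIND dn="uid=8e6bind,ou=services,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:17:10 linux1 slapd[31972]: conn=35 op=0 RESULT tag=97 err=0 text=
Jul 29 16:17:10 linux1 slapd[31972]: conn=35 op=1 SRCH base="dc=lab,dc=dirsec,dc=com" scope=2 deref=3 filter="(&(objectClass=person)(uid=testuser))"
Jul 29 16:17:10 linux1 slapd[31972]: conn=35 op=2 BIND dn="uid=testuser,ou=People,dc=lab,dc=dirsec,dc=com" method=128
Jul 29 16:17:10 linux1 slapd[31972]: conn=35 op=2 RESULT tag=97 err=49 text=
'''

# The request line (method=...) is keyed on; the mech=/anonymous lines are skipped.
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH .*\(uid=([^)]*)\)')

def bind_events(log_text):
    """Pair each BIND request with its RESULT; record the uid searched before it."""
    pending, searched, events = {}, {}, []
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            searched[m[1]] = m[2]                      # last uid looked up on this conn
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = (m[3], int(m[4]))  # keyed by (conn, op)
        elif m := RESULT.search(line):
            req = pending.pop((m[1], m[2]), None)
            if req is None:
                continue                               # RESULT with no logged request
            events.append({"conn": int(m[1]), "dn": req[0], "simple": req[1] == 128,
                           "err": int(m[3]), "for_uid": searched.pop(m[1], None)})
    return events

def failed_logins(events):
    """End-user binds (those preceded by a uid search) that did not return err=0."""
    return [e for e in events if e["for_uid"] and e["err"] != 0]

if __name__ == "__main__":
    for e in failed_logins(bind_events(SAMPLE)):
        print(f'conn={e["conn"]} uid={e["for_uid"]} dn={e["dn"]} err={e["err"]}')
```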