Presentation

EyesOfNetwork can be connected to a database of external accounts through the LDAP(s) protocol.

Configuration

Prerequisites

  • EyesOfNetwork >= 5.0
  • Have access to the EyesOfNetwork administration interface
  • Have a privileged user with TTY (shell) access to EyesOfNetwork
  • Have the certificate of your certification authority exported in Base-64 format

Adding the certification authority to the certificates recognized by OpenLDAP

  1. Copy the certificate of your certification authority to the /tmp directory of EON
  2. Convert the certificate to PEM format and place it in the OpenLDAP certificates directory
    openssl x509 -in /tmp/ROOT-CA.cer -out /etc/openldap/certs/ROOT-CA.pem
    chown apache:root /etc/openldap/certs/ROOT-CA.pem
    chmod 0400 /etc/openldap/certs/ROOT-CA.pem
  3. Add the certificate to the system trust store
    cp /etc/openldap/certs/ROOT-CA.pem /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract
  4. Restart httpd
    systemctl restart httpd
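
A pre-flight check for the conversion step, as an added example that is not part of the original page: it detects whether the exported file is PEM or DER, converts it, and refuses a file that is not a currently valid CA certificate. The function names cert_encoding and install_ca_pem are assumptions, and the check assumes an X.509v3 CA certificate that carries basicConstraints.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate a CA certificate
# before installing it as the LDAPS trust anchor.

# Print "PEM", "DER" or "unknown" for the file in $1.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(od -An -N1 -tx1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
        echo DER    # DER starts with an ASN.1 SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Convert $1 to PEM at $2. Returns non-zero and writes nothing to $2
# unless $1 is a parsable, unexpired certificate with CA:TRUE.
install_ca_pem() {
    src=$1
    dst=$2
    enc=$(cert_encoding "$src")
    [ "$enc" != unknown ] || { echo "not an X.509 certificate: $src" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if ! openssl x509 -inform "$enc" -in "$src" -out "$tmp" 2>/dev/null; then
        echo "openssl could not parse $src" >&2; rm -f "$tmp"; return 1
    fi
    # A trust anchor must carry basicConstraints CA:TRUE (assumes X.509v3).
    if ! openssl x509 -in "$tmp" -noout -text | grep -q 'CA:TRUE'; then
        echo "certificate is not a CA: $src" >&2; rm -f "$tmp"; return 1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$tmp" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $src" >&2; rm -f "$tmp"; return 1
    fi
    # Subject and fingerprint, to compare with the values given by the CA owner.
    openssl x509 -in "$tmp" -noout -subject -fingerprint -sha256
    # cp (not mv) so the new file gets the destination directory's SELinux label.
    cp "$tmp" "$dst" && rm -f "$tmp"
}

# Usage: install_ca_pem /tmp/ROOT-CA.cer /etc/openldap/certs/ROOT-CA.pem
```

Run the chown and chmod commands from step 2 afterwards, since the file is created with the calling user's ownership.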

Configuration in EyesOfNetwork

EyesOfNetwork LDAPs Configuration

Investigations

You may encounter an error while logging in to your Domain Controller. To investigate the problem and get more details, you can try to establish the connection interactively with PHP.

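    php -a
    // Print libldap debug output, including the TLS handshake details
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    // The port goes in the URI: PHP ignores a separate port argument when a URI is given
    $ldapconn = ldap_connect("ldaps://FQDN:636");
    $ldapbind = ldap_bind($ldapconn, "CN=SERVICE-ACCOUNT,OU=Users,DC=mydomain,DC=fr", "MY-PASSWORD");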