Installing the Centrify OpenLDAP proxy service

On most platforms, the centrifydc-ldapproxy package is available with the Centrify agent software package but is not installed by default. You can select the package in the installation script or install it using a native package installer.

To run the Centrify OpenLDAP proxy service, the computer must:

  • Be joined to an Active Directory domain.
  • Have the Centrify agent installed and the adclient running.

In the following example, the agent is installed on a Linux computer and the computer is joined to the pistolas.org Active Directory domain.

To install the Centrify OpenLDAP proxy service on a Linux computer

  1. Log on or switch to the root user, then navigate to the directory where you extracted Centrify files.

    For example, if you ran the gunzip and tar commands in the /tmp directory, change to the /tmp directory.

  2. Run install.sh or a native package manager to install the files.

    For example, run the following command:

    ./install.sh

    You can type K to keep any existing packages you have installed. When you see the Install the CentrifyDC-ldapproxy package prompt, type Y. Follow the remaining prompts displayed to complete the installation.

    Alternatively, you can use a native package manager. For example, on most Linux distributions, you can run a command similar to this:

    rpm -Uvh centrifydc-ldapproxy-release-arch.rpm

    If you are installing on Solaris, unzip and extract the contents of the package, then run a command like this:

    pkgadd -d CentrifyDC-ldapproxy -a admin

    If you are using an installation program, such as SMIT or YAST, see the documentation for that program.

  3. If you want to start the ldapproxy service with parameters, configure the STARTUP_OPTS option.

    Run the appropriate command for your platform.

    • For CentOS, SLES

      echo "STARTUP_OPTS=\"-h ldaps:///\"" >> /etc/sysconfig/centrify-ldapproxy

    • For Debian

      echo "STARTUP_OPTS=\"-h ldaps:///\"" >> /etc/default/centrifyldapproxy

    • For HPUX

      echo "STARTUP_OPTS=\"-h ldaps:///\"" >> /etc/rc.config.d/centrify-ldapproxy

    • For AIX

      chssys -a "-d 0 -h ldaps:///" -s centrify-ldapproxy

    • For Solaris without Service Management Facility (SMF)

      echo "STARTUP_OPTS=\"-h ldaps:///\"" >> /etc/centrifydc/openldap/centrify-ldapproxy.conf

    • For Solaris with Service Management Facility (SMF)

      svccfg -s centrify-ldapproxy setprop 'slapd/STARTUP_OPTS=("-h""ldaps:///")'

  4. Start the centrify-ldapproxy service.

    For example, on Linux computers:

    /usr/share/centrifydc/bin/centrify-ldapproxy start

  5. Test the service by searching for an object in the Active Directory domain.

    For example, to search for groups in the domain, you might type commands like this:

    cd /usr/share/centrifydc/bin
    ldapsearch -h localhost -p 389 -x -b "dc=pistolas,dc=org" \
        -s sub "objectClass=group" -D \
        "cn=amy.adams,cn=users,dc=pistolas,dc=org" -w password

    The -h and -p options are required to connect to Active Directory using the proxy service and the Centrify agent. If the LDAP proxy service is not on the local computer, use the -h option to specify the name of the computer where you have installed it.

    You can also connect to Active Directory directly using a valid user name and password. For example:

    ldapsearch -D "cn=amy.adams,cn=users,dc=pistolas,dc=org" -W \
        -h dc2012.pistolas.org -p 389 -x -b "dc=pistolas,dc=org" \
        -s sub "objectClass=group"

  6. (Optional) Review and modify, if necessary, the default centrify-ldapproxy service start-up script in the /etc/init.d/ directory.

    You can use the /usr/share/centrifydc/bin/centrify-ldapproxy script to start, stop, restart or check the status of the Centrify OpenLDAP proxy service.

    Note: By default, the service starts automatically when the computer restarts.
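
For step 3, the following added example (not Centrify code) sets STARTUP_OPTS without stacking duplicate lines and reports which listener URLs the effective value requests. It assumes the options file is read as a shell fragment, so the last assignment wins; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not Centrify code. Assumption: the options file is a shell
# fragment read by the start-up script, so the LAST STARTUP_OPTS line wins.

# Print the value of the last STARTUP_OPTS assignment in file $1.
effective_opts() {
    sed -n 's/^[[:space:]]*STARTUP_OPTS=//p' "$1" 2>/dev/null | tail -n 1
}

# Write exactly one STARTUP_OPTS line, dropping earlier ones, so repeated runs
# do not stack duplicates the way "echo ... >>" does.
# The value must not itself contain double quotes.
set_startup_opts() {
    file=$1; value=$2
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        sed '/^[[:space:]]*STARTUP_OPTS=/d' "$file" > "$tmp"
    fi
    printf 'STARTUP_OPTS="%s"\n' "$value" >> "$tmp"
    cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Classify the listener URLs in the effective STARTUP_OPTS of file $1:
#   cleartext  at least one plain ldap:// listener is requested
#   protected  only ldaps:// or ldapi:// listeners are requested
#   default    no listener URL given; the service's built-in default applies
listener_audit() {
    urls=$(effective_opts "$1" | tr ' "\\' '\n\n\n' | grep -E '^ldap[si]?://' || true)
    if [ -z "$urls" ]; then
        echo default
    elif printf '%s\n' "$urls" | grep -q '^ldap://'; then
        echo cleartext
    else
        echo protected
    fi
}

# Demo on a constructed file in a temporary directory (no system file touched).
demo() {
    d=$(mktemp -d) || return 1
    f=$d/centrify-ldapproxy
    printf '# constructed sample\nSTARTUP_OPTS="-h ldap:///"\n' > "$f"
    listener_audit "$f"
    set_startup_opts "$f" '-h ldaps:///'
    set_startup_opts "$f" '-h ldaps:///'   # second run must not add a line
    listener_audit "$f"
    grep -c '^STARTUP_OPTS=' "$f"
    rm -rf "$d"
}
demo
```

To check a real host, call listener_audit with the options file path for your platform from step 3.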