
Re: OpenLDAP SSL/TLS How-To by D. Kent Soper



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lozano, Carlos A. said:
>
> Hello,
>
>> Is this still applicable with OpenLDAP versions 2.2.13/14?
>>
>> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
>>
>> This is the last part of ldap I need to finish setting up. I have the
>> O'Reilly book too, but it seems to skim past the fine details of TLS. I
>> have also read through the FAQ OpenLDAP TLS section.
>>
>> I think I need to really sit down and mess around a bit, but if this
>> guide is a good base to start from, then I will go from there.
>
> Checked it with 2.2.11 here:
>
> Compile openldap with tls support --with-tls
> mkdir /var/myca
> cd /var/myca
> /usr/lib/ssl/misc/CA.sh -newca
> openssl req -new -nodes -keyout newreq.pem -out newreq.pem
> /usr/lib/ssl/misc/CA.sh -sign
> cp demoCA/cacert.pem /usr/local/etc/openldap/cacert.pem
> cp newcert.pem /usr/local/etc/openldap/servercrt.pem
> cp newreq.pem /usr/local/etc/openldap/serverkey.pem
>
> # TLS (slapd.conf)
> TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
> TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
>
> # TLS (ldap.conf in every client)
> TLS_CACERT /usr/local/etc/openldap/cacert.pem
>
> Check it with:
>
> /usr/local/bin/ldapsearch -x -b "YOURBASEHERE" \
>         -H 'ldap://YOURNAMESERVERHere:389' -ZZ
>
> Regards,
> Carlos.
>

Thanks, I will try.


> --
>  ___         _          \  |  /  Consulting
> | . |._ _  _| | ___  ___  ___    http://www.andago.com
> |   || ' |/ . |<_> |/ . |/ . \__ GNU/Linux
> |_|_||_|_|\___|<___|\_. |\___/     _ \  __|\ \  /
>  Carlos A. Lozano   <___'/ | \ -_) __/\__ \ >  <  -_)
>  [ carlos.lozano@andago.com ]\___|_|  ____/ _/\_\___|
>  [ calb@epsxe.com           ]  http://www.ePSXe.com
>


- --
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 587369
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry@suretecsystems.com

Open Source. Open Solutions.

http://www.suretecsystems.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA/h2feWseh9tzvqgRAvNZAJsHJnO0p6eVf+u0qqqV7sxxSqGBPACgpsL4
rF1AZ0Do1596+yvIfGcQOP4=
=BUfg
-----END PGP SIGNATURE-----
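
The following is an added example, not part of the original message or the how-to: a shell pre-flight check for the three files the quoted steps install. Because the request was generated with `-nodes`, `serverkey.pem` holds an unencrypted private key, so its file mode is checked along with the key/certificate match and the CA chain. The function names are hypothetical; the default directory is the one used in the message.

```shell
#!/bin/sh
# Added example: pre-flight checks for the slapd TLS files from the quoted steps.
# Function names are hypothetical; the openssl subcommands are standard.

# The key is unencrypted (-nodes), so group and other must have no access.
key_perms_ok() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# The public key in the certificate must equal the one derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The server certificate must verify against the CA file clients set as TLS_CACERT.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all checks against one directory; returns non-zero if any check fails.
check_slapd_tls() {
    dir=${1:-/usr/local/etc/openldap}   # path taken from the quoted message
    rc=0
    key_perms_ok "$dir/serverkey.pem" ||
        { echo "serverkey.pem: missing, or accessible to group/other"; rc=1; }
    cert_matches_key "$dir/servercrt.pem" "$dir/serverkey.pem" ||
        { echo "servercrt.pem does not match serverkey.pem"; rc=1; }
    chain_ok "$dir/cacert.pem" "$dir/servercrt.pem" ||
        { echo "servercrt.pem does not verify against cacert.pem"; rc=1; }
    # Print the subject so its CN can be compared with the host in the -H URL.
    openssl x509 -in "$dir/servercrt.pem" -noout -subject 2>/dev/null
    return $rc
}
```

Source the file on the server and call `check_slapd_tls` (optionally with another directory) before running the `ldapsearch ... -ZZ` test from the message.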