RE: Setting up LDAP and SSL
> > From what I understand about SSL and LDAP, it seems that it is being
> > used to encrypt the transactions between the client and the server
> > (right?).
>
> correct.
Also the binding credentials?
> > 1. How does one set up/test OpenLDAP to use/require SSL for searches.
> > (other than simply compiling it in)
>
> by default openldap uses starttls which means the client negotiates if ssl
> will be used or not but it doesn't require it. there is some stuff you
> can do with command line switches to make slapd only run on port 636 (the
> ssl port) which would do what you want or i believe that you can require
> ssl for transport layer security with the security flag in slapd.conf.
> read the man page or search the lists.
>
> to set up ssl you have to:
>
> first you have to generate a self signed certificate with openssl.
>
> # openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
>
> then add the certificate to slapd.conf:
>
> TLSCertificateFile /path/to/server.pem
> TLSCertificateKeyFile /path/to/server.pem
> TLSCACertificateFile /path/to/server.pem
>
> > 2. What is required in the client to _do_ the searches.
>
> it needs to support ssl.
>
> > 3. Can nss_ldap be told to use SSL for getting authorization info?
>
> yes.
Can you tell us how? :)
Thanks
--
Torsten
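
An added example, not part of the thread: a small audit of slapd.conf text that checks for the three TLS directives quoted in the reply and for a `security` line that makes TLS mandatory rather than negotiable. The function names, the `security tls=128 simple_bind=128` values and the interpretation of the `security` factors (taken from slapd.conf(5)) are assumptions of this example, and the file is treated as one global scope.

```python
# Constructed inputs: the three TLS lines come from the reply; the "security"
# line is an assumption added here to show a config that refuses cleartext.
AS_POSTED = """\
TLSCertificateFile /path/to/server.pem
TLSCertificateKeyFile /path/to/server.pem
TLSCACertificateFile /path/to/server.pem
"""
REQUIRING_TLS = AS_POSTED + "security tls=128\n\tsimple_bind=128\n"

TLS_DIRECTIVES = ("tlscertificatefile", "tlscertificatekeyfile", "tlscacertificatefile")

def parse_directives(text):
    """Return {directive (lowercased): [args]}; indented lines continue the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    conf = {}
    for line in logical:
        name, *args = line.split()
        conf.setdefault(name.lower(), []).extend(args)
    return conf

def audit(text):
    """List what keeps this config from enforcing TLS; an empty list means nothing found."""
    conf = parse_directives(text)
    findings = [f"missing {d}" for d in TLS_DIRECTIVES if d not in conf]
    factors = {}
    for item in conf.get("security", []):
        key, _, val = item.partition("=")
        factors[key.lower()] = int(val) if val.isdigit() else 0
    # Without a tls= minimum the client decides whether StartTLS is used at all.
    if factors.get("tls", 0) < 1:
        findings.append("TLS not required (no security tls=N)")
    # Any of these minimums stops a simple bind password crossing the wire in clear.
    if not any(factors.get(k, 0) >= 1 for k in ("ssf", "transport", "tls", "simple_bind")):
        findings.append("simple binds accepted without confidentiality")
    return findings

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("requiring TLS", REQUIRING_TLS)):
        print(label, "->", audit(conf) or "no findings")
```
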