Re: How to secure LDAP ? SSL support ?
I don't understand what you need, but I'll try to help you:
In my slapd.conf I wrote:
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/newcertkey.pem
TLSCACertificateFile /etc/openldap/demoCA/private/cacert.pem
as I found in http://www.bayour.com/LDAPv3-HOWTO.html#3.1.4.Creating SSL certificate|outline
To create the certificates I used:
http://www.openldap.org/lists/openldap-devel/200006/msg00068.html
I launch the server like:
start-stop-daemon --start --quiet --pidfile /var/run/slapd.pid --exec /sbin/slapd -- -h "ldap://0.0.0.0:389 ldaps://0.0.0.0:639"
Then I do
ldapsearch -x -H ldaps://my.domain.com:639 -D 'cn=what-you-want' -b 'cn=kkkk,cn=what-you-want' -w 'secret' -s base '(objectclass=*)'
Don't forget to write in your certificate "my.domain.com" and don't use
localhost.
If you are running under Linux you will need the SSL libraries for
developers (openssl is the most common). Under Windows, maybe the API,
although it is worse than the Netscape SDK.
I hope this helps you.
Best regards,
On 30 de abr de 2002, a las 11:41 +0200, Yves Robin wrote:
> Hi,
>
> I am looking for securing LDAP transfers between our client application and
> existing LDAP servers that already have support for SSL. And I would
> appreciate to re-use existing code or libraries...
>
> Is there any built-in client function in OpenLDAP 2.0.x to easily open and
> negotiate an SSL session with the servers? Or some code example? I didn't
> see any in the FAQ...
>
> Thanks for help.
>
> Yves Robin
>
--
Guillermo.
-----------------------------------------------------------
() ascii ribbon campaign - against html mail
/\ - against microsoft attachments
-----------------------------------------------------------
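
The reply's advice to put "my.domain.com" in the certificate and not to use localhost comes down to a name comparison between the host in the ldaps:// URI and the names in the server certificate. The sketch below is an added example, not code from the thread or from OpenLDAP; the function names and the sample certificate dictionaries (in the shape Python's ssl getpeercert() returns) are constructed for illustration.

```python
from urllib.parse import urlsplit

def cert_names(cert):
    """DNS names to match: subjectAltName entries first, subject CN only as a fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_ldaps_uri(uri, cert):
    """Return (ok, reason) for an ldaps:// URI checked against a certificate dict."""
    parts = urlsplit(uri)
    if parts.scheme != "ldaps":
        return False, "not an ldaps:// URI"
    host = parts.hostname
    if not host:
        return False, "no host in URI"
    names = cert_names(cert)
    if any(name_matches(n, host) for n in names):
        return True, f"{host} matches certificate"
    return False, f"{host} not in certificate names {names}"

# Constructed sample: certificate issued with CN=my.domain.com and no subjectAltName.
CN_ONLY_CERT = {"subject": ((("commonName", "my.domain.com"),),)}
# Constructed sample: a subjectAltName is present, so the CN is no longer consulted.
SAN_CERT = {
    "subject": ((("commonName", "my.domain.com"),),),
    "subjectAltName": (("DNS", "*.example.org"),),
}

if __name__ == "__main__":
    for uri in ("ldaps://my.domain.com:639", "ldaps://localhost:639",
                "ldap://my.domain.com:389"):
        print(uri, "->", check_ldaps_uri(uri, CN_ONLY_CERT))
    print(check_ldaps_uri("ldaps://ldap.example.org:639", SAN_CERT))
```
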