
Re: How to secure LDAP ? SSL support ?



  I don't understand what you need, but I'll try to help you:
  
  In my slapd.conf I wrote:
  TLSCertificateFile      /etc/openldap/newcert.pem
  TLSCertificateKeyFile   /etc/openldap/newcertkey.pem
  TLSCACertificateFile    /etc/openldap/demoCA/private/cacert.pem
  
  as I found in http://www.bayour.com/LDAPv3-HOWTO.html#3.1.4.Creating SSL certificate|outline

   To create the certificates I used:
   http://www.openldap.org/lists/openldap-devel/200006/msg00068.html
   
   I launch the server like:
   start-stop-daemon --start --quiet --pidfile /var/run/slapd.pid \
       --exec /sbin/slapd -- -h "ldap://0.0.0.0:389 ldaps://0.0.0.0:639"

   Then I do
   
   ldapsearch -x -H ldaps://my.domain.com:639 \
       -D 'cn=what-you-want' \
       -b 'cn=kkkk,cn=what-you-want' \
       -w 'secret' -s base '(objectclass=*)'

   Don't forget to write "my.domain.com" in your certificate, and don't use
localhost.

   If you are running under Linux you will need the SSL libraries for
developers (openssl is the most common). Under Windows, maybe the API,
although it is worse than the Netscape SDK.
   
   I hope this helps you.
   
   Best regards,
   
On 30 Apr 2002, at 11:41 +0200, Yves Robin wrote:
> Hi,
> 
> I am looking for securing LDAP transfers between our client application and
> existing LDAP servers that already have support for SSL. And I would
> appreciate to re-use existing code or libraries...
> 
> Is there any built-in client function in OpenLDAP 2.0.x to easily open and
> negotiate an SSL session with the servers? Or some code example? I didn't
> see any in the FAQ...
> 
> Thanks for help.
> 
> Yves Robin
> 

-- 
                                               Guillermo.
-----------------------------------------------------------
  ()  ascii ribbon campaign - against html mail 
  /\                        - against microsoft attachments
-----------------------------------------------------------
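
The host-name advice in the message above can be checked before clients are pointed at the server. This is an added example, not part of the original message: it assumes the OpenSSL command-line tool (1.0.2 or later, for `-checkhost`), and the function names and the generated test certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a slapd certificate is valid for the host
# name clients will put in their ldaps:// URI.

# make_sample_cert DIR CN: write a constructed self-signed certificate
# (DIR/cert.pem, DIR/key.pem) whose subject CN is the given name.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_matches_host CERT_PEM HOSTNAME: succeed only if the certificate
# covers HOSTNAME (subjectAltName DNS entries, else the subject CN).
cert_matches_host() {
    # openssl exits 0 whether or not the name matches, so test the text:
    # "Hostname H does match certificate" / "... does NOT match ...".
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_ldaps_name CERT_PEM URI: take the host out of an ldaps:// URI
# (host names only, no IPv6 literals) and report whether the
# certificate is valid for it.
check_ldaps_name() {
    host=${2#ldaps://}   # drop the scheme
    host=${host%%/*}     # drop any DN/filter part
    host=${host%%:*}     # drop the port
    if cert_matches_host "$1" "$host"; then
        echo "OK: $host"
    else
        echo "MISMATCH: $host"
    fi
}

# Demo on a constructed certificate issued for my.domain.com.
tmp=$(mktemp -d)
make_sample_cert "$tmp" my.domain.com
check_ldaps_name "$tmp/cert.pem" ldaps://my.domain.com:639
check_ldaps_name "$tmp/cert.pem" ldaps://localhost:639
rm -rf "$tmp"
```

Run `check_ldaps_name` against the file named in `TLSCertificateFile` with the exact URI the clients use; a MISMATCH means a verifying client will reject the connection.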