|
Hi LDAP gurus !!!!!
Can some one tell me how should i make my ldap
server SSL/TLS enable and what else, i have to take care.
currently, i'm getting the SSL not supported on the
client side application, when i'm using the Windows SDK
APIs(ldpa_get_option()).
content of my slapd.conf file is as
follows:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v
1.8.8.7 2001/09/27 20:00:31 kurt Exp $
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/redhat/rfc822-MailMember.schema include /etc/openldap/schema/redhat/autofs.schema include /etc/openldap/schema/redhat/kerberosobject.schema include /etc/openldap/schema/jim.schema include /etc/openldap/schema/AAA.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a
working directory
# service AND an understanding of referrals. #referral ldap://root.openldap.org # Create a replication log in /var/lib/ldap for use
by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog # Load dynamic backend
modules:
modulepath /usr/sbin/openldap moduleload back_ldap.la moduleload back_ldbm.la moduleload back_passwd.la 1,1 Top # # The next three lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. # TLSCertificateFile /usr/share/ssl/certs/slapd.pem # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt # # Sample Access Control # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # access to * by * write #access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default is: # Allow read by all # # rootdn can always write! #######################################################################
# ldbm database definitions ####################################################################### database
ldbm
suffix "dc=domain,dc=com" #suffix "o=My Organization Name,c=US" 68,1 64% #suffix "o=My Organization Name,c=US" rootdn "cn=Manager,dc=domain,dc=com" #rootdn "cn=Manager,o=My Organization Name,c=US" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # rootpw {crypt}ijFYNcSNctBYg # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd/tools. Mode 700 recommended. directory /var/lib/ldap # Indices to maintain index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial # Replicas to which we should propagate changes #replica host=ldap-1.example.com:389 tls=yes # bindmethod=sasl saslmech=GSSAPI # authcId=host/ldap-master.example.com@EXAMPLE.COM |