
Re: OpenLDAP SSL/TLS How-To by D. Kent Soper



Hello,

> Is this still applicable with OpenLDAP versions 2.2.13/14?
> 
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
> 
> This is the last part of LDAP I need to finish setting up. I have the
> O'Reilly book too, but it seems to skim past the fine details of TLS. I
> have also read through the FAQ OpenLDAP TLS section.
> 
> I think I need to really sit down and mess around a bit, but if this guide
> is a good base to start from, then I will go from there.

Checked it with 2.2.11 here:

Compile OpenLDAP with TLS support (--with-tls)
mkdir /var/myca
cd /var/myca
/usr/lib/ssl/misc/CA.sh -newca
openssl req -new -nodes -keyout newreq.pem -out newreq.pem
/usr/lib/ssl/misc/CA.sh -sign
cp demoCA/cacert.pem /usr/local/etc/openldap/cacert.pem
cp newcert.pem /usr/local/etc/openldap/servercrt.pem
cp newreq.pem /usr/local/etc/openldap/serverkey.pem

# TLS (slapd.conf)
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem

# TLS (ldap.conf in every client)
TLS_CACERT /usr/local/etc/openldap/cacert.pem

Check it with:

/usr/local/bin/ldapsearch -x -b "YOURBASEHERE" \
        -H 'ldap://YOURNAMESERVERHere:389' -ZZ

Regards,
Carlos.

-- 
 ___         _          \  |  /  Consulting
| . |._ _  _| | ___  ___  ___    http://www.andago.com
|   || ' |/ . |<_> |/ . |/ . \__ GNU/Linux
|_|_||_|_|\___|<___|\_. |\___/     _ \  __|\ \  /
 Carlos A. Lozano   <___'/ | \ -_) __/\__ \ >  <  -_)
 [ carlos.lozano@andago.com ]\___|_|  ____/ _/\_\___|
 [ calb@epsxe.com           ]  http://www.ePSXe.com
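A small checker for the setup in Carlos's reply, added here as an example and not part of the original message: it verifies that the server key is not world-readable, that servercrt.pem and serverkey.pem belong together, that the server certificate chains to the cacert.pem clients trust via TLS_CACERT, and that the client ldap.conf does not switch verification off. It assumes openssl(1) is on PATH and takes the four file paths as arguments; the function names are the example's own.

```shell
#!/bin/sh
# Sanity checks for the slapd.conf / ldap.conf TLS setup described above.
# Assumptions: openssl(1) on PATH; the key is an unencrypted PEM file
# (as produced by "openssl req -nodes"); all paths come in as arguments.

# Key file must be readable by its owner only (no group/other bits set).
key_perms_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# The certificate's public key must match the one derived from the key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Server certificate must verify against the CA that TLS_CACERT points to.
cert_signed_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Client ldap.conf must name a CA and must not weaken TLS_REQCERT:
# "never" or "allow" would accept any server certificate (default is demand).
client_conf_ok() {
    grep -q '^[[:space:]]*TLS_CACERT[[:space:]]' "$1" || return 1
    ! grep -Eiq '^[[:space:]]*TLS_REQCERT[[:space:]]+(never|allow)' "$1"
}

# Run every check: one line of output per check, exit status 1 on any failure.
# Usage: check_ldap_tls servercrt.pem serverkey.pem cacert.pem ldap.conf
check_ldap_tls() {
    cert=$1; key=$2; ca=$3; ldapconf=$4; rc=0
    for chk in "key_perms_ok $key" "cert_matches_key $cert $key" \
               "cert_signed_by_ca $cert $ca" "client_conf_ok $ldapconf"; do
        if $chk; then echo "ok   $chk"; else echo "FAIL $chk"; rc=1; fi
    done
    return $rc
}
```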