Re: OpenLDAP SSL/TLS How-To by D. Kent Soper
Hello,
> Is this still applicable with OpenLDAP versions 2.2.13/14?
>
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
>
> This is the last part of ldap I need to finish setting up. I have the
> O'Reilly book too, but it seems to skim past the fine details of TLS. I
> have also read through the FAQ OpenLDAP TLS section.
>
> I think I need to really sit down and mess around a bit, but if this guide
> is a good base to start from, then I will go from there.

Checked it with 2.2.11 here:

Compile OpenLDAP with TLS support (--with-tls).

mkdir /var/myca
cd /var/myca
/usr/lib/ssl/misc/CA.sh -newca
openssl req -new -nodes -keyout newreq.pem -out newreq.pem
/usr/lib/ssl/misc/CA.sh -sign
cp demoCA/cacert.pem /usr/local/etc/openldap/cacert.pem
cp newcert.pem /usr/local/etc/openldap/servercrt.pem
cp newreq.pem /usr/local/etc/openldap/serverkey.pem

# TLS (slapd.conf)
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem

# TLS (ldap.conf in every client)
TLS_CACERT /usr/local/etc/openldap/cacert.pem

Check it with:

/usr/local/bin/ldapsearch -x -b "YOURBASEHERE" \
-H 'ldap://YOURNAMESERVERHere:389' -ZZ

Regards,
Carlos.
--
___ _ \ | / Consulting
| . |._ _ _| | ___ ___ ___ http://www.andago.com
| || ' |/ . |<_> |/ . |/ . \__ GNU/Linux
|_|_||_|_|\___|<___|\_. |\___/ _ \ __|\ \ /
Carlos A. Lozano <___'/ | \ -_) __/\__ \ > < -_)
[ carlos.lozano@andago.com ]\___|_| ____/ _/\_\___|
[ calb@epsxe.com ] http://www.ePSXe.com
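
The following is an added example, not part of the original message or of OpenLDAP: a POSIX shell audit of the three files that the slapd.conf directives above point at, run before starting slapd. In the procedure above newreq.pem holds both the private key and the certificate request and is copied with plain cp, so the script checks that the key file is not readable by group or others and that no private key ended up in a public file. The function names, finding labels and the sample files (built in a temporary directory with placeholder PEM bodies) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the TLS files that a
# slapd.conf like the one above points at. One finding per line.

# Value of a slapd.conf directive (names are case-insensitive, unquoted paths).
directive() { awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"; }

# Succeeds if file $1 has a PEM block whose label matches the ERE $2.
has_pem() { grep -Eq -- "^-----BEGIN ($2)-----" "$1"; }

audit_slapd_tls() {  # $1 = path to slapd.conf; returns 0 only when clean
    cert=$(directive "$1" TLSCertificateFile)
    key=$(directive "$1" TLSCertificateKeyFile)
    ca=$(directive "$1" TLSCACertificateFile)
    for f in "$cert" "$key" "$ca"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "MISSING-OR-UNREADABLE ${f:-<directive not set>}"; return 1; }
    done
    rc=0
    has_pem "$key" '.*PRIVATE KEY' || { echo "NO-PRIVATE-KEY $key"; rc=1; }
    # cp does not tighten permissions: under umask 022 a 644 key is copied as 644.
    if [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "KEY-READABLE-BY-GROUP-OR-OTHER $key"; rc=1
    fi
    for f in "$cert" "$ca"; do
        has_pem "$f" 'CERTIFICATE' || { echo "NO-CERTIFICATE $f"; rc=1; }
        # newreq.pem also holds the key; it must never be copied as a public file.
        ! has_pem "$f" '.*PRIVATE KEY' || { echo "PRIVATE-KEY-IN-PUBLIC-FILE $f"; rc=1; }
    done
    return $rc
}

# Constructed sample: the post's three files in a temp dir, placeholder PEM
# bodies, key left at mode 644 to show the finding.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' \
        | tee "$d/cacert.pem" > "$d/servercrt.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE REQUEST-----' 'constructed' '-----END CERTIFICATE REQUEST-----' \
        > "$d/serverkey.pem"
    chmod 644 "$d/serverkey.pem"
    printf 'TLSCertificateFile %s\nTLSCertificateKeyFile %s\nTLSCACertificateFile %s\n' \
        "$d/servercrt.pem" "$d/serverkey.pem" "$d/cacert.pem" > "$d/slapd.conf"
    echo "$d"
}

d=$(make_sample)
audit_slapd_tls "$d/slapd.conf" || echo "findings listed above; fix before starting slapd"
rm -rf "$d"
```

The script only inspects file contents and modes; `openssl verify -CAfile cacert.pem servercrt.pem` is the separate step that confirms the server certificate actually chains to the CA.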