Setting up primary/secondary LDAP servers with TLS/SSL enabled
- To: openldap-technical@openldap.org
- Subject: Setting up primary/secondary LDAP servers with TLS/SSL enabled
- From: Konstantin Boyandin <temmokan@gmail.com>
- Date: Fri, 26 Nov 2010 16:26:46 +0600
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Fedora/3.1.6-1.fc13 Thunderbird/3.1.6
Hello,

I am using a primary/secondary LDAP server configuration; it works quite
normally.

I need to make LDAP authentication secure, i.e., I need both LDAP
servers to provide LDAP over SSL/TLS, so that both the primary and
secondary LDAP servers can be used (mentioned in ldap.conf).

I have to use self-signed SSL certificates, since the servers are
located in an intranet and have no 'real' domain names.

The problem is that I can't figure out how to specify the ldap.conf SSL
parameters so that they could
- verify the LDAP server certificate
- be used with both primary and secondary LDAP servers

Also, I'd prefer to use TLS - how do I run slapd so that it provides a
TLS-aware connection on the standard port? Is it possible to set up
slapd so that TLS is optional (for testing/transition purposes)?

I would greatly appreciate references to the relevant docs on these.

Thank you.

Sincerely,
Konstantin