
Re: Setting up primary/secondary LDAP servers with TLS/SSL enabled



> I have to use self-signed SSL certificates, since the servers are located in
> intranet, they have no 'real' domain names.

Names in certificates used in a connection do not need to take part in
"authentication". Study the difference between authentication and
authorization.

> 
> The problem is I can't figure out how to specify ldap.conf SSL parameters so
> that they could
> - verify LDAP server certificate
> - be used with both primary and secondary LDAP servers
> 
> Also, I'd prefer to use TLS - how do I run slapd so that it provides a TLS-aware
> connection on the standard port? Is it possible to set up slapd so that TLS is
> optional (for testing/transition purposes)?

To set up slapd with SSL (ldaps), add the ldaps:/// argument to it.
> 
> I would greatly appreciate references to the relevant docs on these.
Answers to your questions are in the man ldap.conf and man slapd manual
pages.

Regards,
DT
-- 
http://dtpw.pl/mywork
http://dtpw.pl/buell [ 25th anniversary of Buell - American Motorcycles ]
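
An ldap.conf that lists both servers with certificate verification left on, beside a weakened variant, with a small checker that flags the differences. This is an added example, not part of the original message; the host names, file paths and finding labels are constructed, and ca-bundle.pem is assumed to hold both servers' self-signed certificates.

```python
# Constructed sample: one ldap.conf for primary and secondary.
# Assumes the names in the URI match the names in each server's certificate.
GOOD = """\
BASE        dc=example,dc=lan
URI         ldaps://ldap1.example.lan ldaps://ldap2.example.lan
TLS_CACERT  /etc/openldap/certs/ca-bundle.pem
TLS_REQCERT demand
"""

# Constructed sample: verification switched off and one cleartext URI.
WEAK = """\
URI         ldaps://ldap1.example.lan ldap://ldap2.example.lan
TLS_REQCERT never
"""


def parse(text):
    """Return {OPTION: value}; ldap.conf option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text):
    """Return a list of finding labels for one ldap.conf file's text."""
    opts = parse(text)
    findings = []
    uris = opts.get("URI", "").split()
    if len(uris) < 2:
        findings.append("single-server")       # no secondary to fail over to
    if any(u.lower().startswith("ldap://") for u in uris):
        findings.append("cleartext-uri")       # TLS only if the client uses StartTLS
    # demand (alias hard) is the default; never and allow accept a bad certificate
    if opts.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("cert-not-verified")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no-trust-anchor")     # nothing in this file to trust the certs
    return findings


if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(conf) or "ok")
```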