SLES 11 SP4

LDAP over TLS
2015/12/02
 
Configure LDAP over TLS so that connections between clients and the directory server are encrypted.
[1]
[2] Configure OpenLDAP Server.
dlp:~ # mkdir /etc/openldap/certs

dlp:~ # cp /etc/ssl/private/server.key \
/etc/ssl/private/server.crt \
/etc/openldap/certs/

dlp:~ # chown ldap. /etc/openldap/certs/server.key \
/etc/openldap/certs/server.crt
dlp:~ # vi mod_ssl.ldif
# create new

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key

dlp:~ # ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

dlp:~ # vi /etc/sysconfig/openldap
# line 27: change

OPENLDAP_START_LDAPS="yes"

dlp:~ # /etc/init.d/ldap restart

[3] Configure LDAP Client for TLS connection.
www:~# echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf

www:~# vi /etc/ldap.conf
# line 283: uncomment

ssl start_tls
www:~# logout
Welcome to SUSE Linux Enterprise Server 11 SP4 (x86_64) - Kernel 3.0.101-63-default (console).
www login: suse

Password:
Last login: Thu Dec  2 19:50:57 JST 2015 on console
suse@www:~>
# just logged in
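The `TLS_REQCERT allow` line written in step [3] lets the client accept a server certificate it cannot verify, which removes the protection TLS was meant to add. The following is an added example, not code from the original page, that audits a client ldap.conf for that setting and emits the hardened form; the CA path /etc/openldap/certs/ca.crt is an assumed placeholder, and the sample configs are constructed in a temporary directory rather than read from the system.

```shell
#!/bin/sh
# Added example, not code from the original page: audit an OpenLDAP client
# ldap.conf for the TLS settings written in step [3].  "TLS_REQCERT allow"
# tells libldap to accept an unverifiable server certificate, so anyone who
# can intercept the connection can terminate TLS with their own certificate.
# "demand" (the default) together with a trusted CA file rejects that.
# The CA path /etc/openldap/certs/ca.crt below is an assumed placeholder.

# Print the lower-cased value of a directive; the last occurrence wins and
# comment lines (leading '#') never match, as in ldap.conf itself.
ldap_conf_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) { val = tolower($2) }
                     END { print val }' "$1"
}

# Return 0 only if the client will reject an unverifiable server certificate:
# TLS_REQCERT unset (default demand) or demand/hard, plus a CA source.
ldap_tls_verifies_server() {
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT)
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    cadir=$(ldap_conf_get "$1" TLS_CACERTDIR)
    case "${reqcert:-demand}" in
        demand|hard)
            if [ -n "$cacert" ] || [ -n "$cadir" ]; then
                return 0
            fi ;;
    esac
    return 1
}

# Emit the hardened directives; $1 = CA certificate that signed server.crt
# (for a self-signed server.crt, a copy of server.crt itself serves as CA).
hardened_client_tls() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

# Self-check on constructed sample configs, never on the real system files.
demo_dir=$(mktemp -d)
printf '# as written in the tutorial\nTLS_REQCERT allow\n' > "$demo_dir/weak.conf"
hardened_client_tls /etc/openldap/certs/ca.crt > "$demo_dir/hard.conf"
for name in weak hard; do
    if ldap_tls_verifies_server "$demo_dir/$name.conf"; then
        echo "$name.conf: server certificate is verified"
    else
        echo "$name.conf: WEAK, unverifiable server certificate accepted"
    fi
done
rm -rf "$demo_dir"
```

With the hardened directives in place on the client, `ldapsearch -x -ZZ -H ldap://dlp -b '' -s base` fails with a certificate verification error when the server presents a certificate that does not chain to TLS_CACERT, instead of silently proceeding.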