LDAP over TLS2015/12/02 |
Configure LDAP over TLS to make connection be secure.
|
|
[1] | |
[2] | Configure OpenLDAP Server. |
dlp:~ # mkdir /etc/openldap/certs
dlp:~ #
dlp:~ # chown ldap. /etc/openldap/certs/server.key \
/etc/openldap/certs/server.crt
dlp:~ #
vi mod_ssl.ldif # create new dn: cn=config changetype: modify replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/certs/server.crt - replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/certs/server.key ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config"
dlp:~ #
vi /etc/sysconfig/openldap # line 27: change OPENLDAP_START_LDAPS=" yes "
/etc/init.d/ldap restart |
[3] | Configure LDAP Client for TLS connection. |
www:~#
echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf
www:~#
vi /etc/ldap.conf # line 283: uncomment ssl start_tls
www:~#
logout
Welcome to SUSE Linux Enterprise Server 11 SP4 (x86_64) - Kernel 3.0.101-63-default (console).
www login: suse Password: Last login: Thu Dec 2 19:50:57 JST 2015 on consolesuse@www:~> # just logined
|
Sponsored Link |