[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuration of SSL/TLS

   >it says and i did get my slapd running using the certificate (my
   >Netscape sees it and stores it). My question concerns pam_ldap ... i
   >know it's suposed to have a certificate file to pass to the server, but
   >i've failed to gather information concerning how to build that same
   >certificate. Could someone please give me some directions concerning the
   >steps to create such a certificate?

If your Netscape browser has accepted the certificate from your SSL enabled
LDAP server, take the $HOME/.netscape/cert7.db file with the key it has stored
there, and place it somewhere like /usr/local/ssl/certs - then place
the following two lines in /etc/ldap.conf :
	ssl yes
	sslpath /usr/local/ssl/certs
Also change the "port" line to use the SSL port:
	port 636

This worked for me, although I was using the PADL nss_ldap module rather 
than PAM.

Phil Cordier

-=- Phil Cordier -=- IS Squared, Inc. -=- (425) 775-6495 -=- philc@is2inc.com