
Re: TLS error msg / TLS for dummies ?



> a simple doc about setting up an example self-signed cert using
> openssl (which i believe i have done correctly), and doing a simple
> ldapsearch (using TLS of course) would be of GREAT help.

I'm working on a document that is specific to Solaris 8 and OpenLDAP 2.0.7,
but it answers this question.  It took me a while to figure out as well,
and the posts archived on the list are overly complicated.

To generate the key, all you need to do is this (I change server.pem to
hostname.pem):

# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

and then add these lines to your slapd.conf:

TLSCertificateFile /path/to/server.pem
TLSCertificateKeyFile /path/to/server.pem
TLSCACertificateFile /path/to/server.pem

If you want replication to work over SSL, you need to set up your
replica directive in the master's slapd.conf like this:

replica host=192.168.1.121:389
   binddn="cn=manager,dc=example,dc=net"
   bindmethod=simple
   credentials=secret
   tls=yes

I have watched the raw traffic with snoop with and without the "tls=yes"
bit and confirmed that it is indeed working.

The page where I talk about this is very much a work in progress and is
at:

	http://www.spack.org/geek/sol8ldap.html

adam.
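An added example, not part of Adam's post or of the spack.org page, that scripts the same recipe end to end: it generates the combined key+cert file non-interactively, checks that the key and certificate in that file actually belong together, emits the three slapd.conf directives from the post plus the client-side ldap.conf settings that make the OpenLDAP client library verify the server certificate, and runs the StartTLS ldapsearch the original question asked for. The hostname ldap.example.net, the file paths and the base DN are assumptions. Two points the post does not spell out: -nodes leaves the private key unencrypted, so the combined file must be readable only by the user slapd runs as; and the certificate CN must match the hostname the client puts in the LDAP URI, or verification fails.

```shell
#!/bin/sh
# Added example (not from the original post): self-signed cert for slapd,
# sanity checks, and a verified StartTLS ldapsearch.  Hostname, paths and
# base DN are assumptions.
set -eu

# Generate a self-signed certificate and its (unencrypted, -nodes) key into
# one PEM file without prompting.  openssl req appends the cert when -out
# and -keyout name the same file, which is what the post relies on.
gen_selfsigned_cert() {
    host=$1; out=$2; days=${3:-365}
    umask 077          # key is unencrypted: never world-readable
    openssl req -new -x509 -nodes -newkey rsa:2048 -days "$days" \
        -subj "/CN=$host" -out "$out" -keyout "$out" 2>/dev/null
    chmod 600 "$out"   # only the slapd user should be able to read this
}

# Return 0 if the key and the cert in a combined PEM belong together
# (same RSA modulus), 1 otherwise.  Catches a stale cert next to a new key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus)
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the subject CN of the certificate in a PEM file (works with both
# "subject= /CN=x" and "subject=CN = x" output styles).
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Server side: the slapd.conf directives from the post.  A self-signed cert
# is its own CA, so all three point at the combined file.
slapd_tls_conf() {
    cat <<EOF
TLSCertificateFile $1
TLSCertificateKeyFile $1
TLSCACertificateFile $1
EOF
}

# Client side (ldap.conf): trust exactly this cert and refuse any server
# cert that cannot be verified against it.
ldap_client_conf() {
    cat <<EOF
TLS_CACERT $1
TLS_REQCERT demand
EOF
}

# Search over StartTLS on port 389.  -ZZ makes ldapsearch fail instead of
# silently continuing in cleartext if StartTLS cannot be negotiated; the
# LDAPTLS_* environment variables override ldap.conf for this one call.
tls_search() {
    host=$1; base=$2; cacert=$3
    LDAPTLS_CACERT=$cacert LDAPTLS_REQCERT=demand \
        ldapsearch -ZZ -x -H "ldap://$host" -b "$base" '(objectClass=*)'
}

# Usage (assumed names): gen_selfsigned_cert ldap.example.net /etc/openldap/ldap.example.net.pem
#   slapd_tls_conf /etc/openldap/ldap.example.net.pem >> /etc/openldap/slapd.conf
#   ldap_client_conf /etc/openldap/ldap.example.net.pem >> /etc/openldap/ldap.conf
#   tls_search ldap.example.net dc=example,dc=net /etc/openldap/ldap.example.net.pem
```

Copy the same PEM to the replica and list it in the replica's ldap.conf as TLS_CACERT as well; otherwise slurpd's tls=yes connection has nothing to verify the master's certificate against.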