
Re: Setting up LDAP and SSL



> From what I understand about SSL and LDAP, it seems that it is being
> used to encrypt the transactions between the client and the server
> (right?).

correct.

> 1. How does one set up/test OpenLDAP to use/require SSL for searches.
>         (other than simply compiling it in)

by default openldap uses starttls which means the client negotiates if ssl
will be used or not but it doesn't require it.  there is some stuff you
can do with command line switches to make slapd only run on port 636 (the
ssl port) which would do what you want or i believe that you can require
ssl for transport layer security with the security flag in slapd.conf.
read the man page or search the lists.

to set up ssl you have to:

first you have to generate a self-signed certificate with openssl.

# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

then add the certificate to slapd.conf:

TLSCertificateFile /path/to/server.pem
TLSCertificateKeyFile /path/to/server.pem
TLSCACertificateFile /path/to/server.pem

> 2. What is required in the client to _do_ the searches.

it needs to support ssl.

> 3. Can nss_ldap be told to use SSL for getting authorization info?

yes.

adam.
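
An added example, not part of the message above: a small Python check that reads slapd.conf text and reports whether the TLS certificate directives are present and whether a global `security` directive (the "security flag" the reply mentions) requires a minimum strength. The function names and both sample configs are constructed for illustration; the `ssf`, `transport` and `tls` factors are the ones documented in slapd.conf(5).

```python
import re

# Constructed sample configs: the TLS lines from the message above, then the
# same lines plus a `security` directive (see slapd.conf(5)).
STARTTLS_OPTIONAL = """\
TLSCertificateFile /path/to/server.pem
TLSCertificateKeyFile /path/to/server.pem
TLSCACertificateFile /path/to/server.pem
"""
TLS_REQUIRED = STARTTLS_OPTIONAL + "security ssf=128\n"

TLS_KEYS = ("tlscertificatefile", "tlscertificatekeyfile")
# `security` factors that, when >= 1, make slapd refuse unprotected operations.
PROTECTION_FACTORS = ("ssf", "transport", "tls")


def parse_global(text):
    """Map each global directive (lower-cased) to its last argument list."""
    # A line that begins with whitespace continues the previous line.
    unwrapped = re.sub(r"\n[ \t]+", " ", text)
    directives = {}
    for line in unwrapped.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key in ("backend", "database"):  # global section ends here
            break
        directives[key] = words[1:]
    return directives


def audit(text):
    """Report whether TLS is configured and whether cleartext is refused."""
    directives = parse_global(text)
    factors = {}
    for item in directives.get("security", []):
        name, _, value = item.partition("=")
        if value.isdigit():
            factors[name.lower()] = int(value)
    return {
        "tls_configured": all(directives.get(k) for k in TLS_KEYS),
        "cleartext_refused": any(factors.get(f, 0) >= 1 for f in PROTECTION_FACTORS),
        "factors": factors,
    }


if __name__ == "__main__":
    for label, conf in (("optional", STARTTLS_OPTIONAL), ("required", TLS_REQUIRED)):
        print(label, audit(conf))
```

A `security` requirement makes slapd reject an unprotected request, but the client has already sent that request over the wire, so clients also need to be configured to use StartTLS or ldaps.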