
Re: Setting up OpenLDAP SSL, client and server



Tue, 2002-07-23 at 18:04, Dave Smith wrote:

> After reading the OpenLDAP documentation, searching the mailing list 
> archive, and Dr. Google, I have not yet encountered a good HOWTO on 
> setting up OpenLDAP for use over SSL. I know that it comes configured 
> out of the box for such use and I can see that my RedHat7.3 server is 
> indeed listening on 636, but I can't seem to connect to it via SSL with 
> any LDAP clients, including GQ, Netscape Addressbook, and in-house LDAP 
> apps (PHP).

"Out of the box", i.e. following the rules set in the OpenLDAP Admin
guide with 2 *.pem x509 certificates (*not* signed) 2.1.3, "allow
bind_v2" TLS/SSL works for me with Mozilla 1.0 and native openldap
clients (ldapsearch etc) and Exim 4.10 (smtp server). Doesn't work with
Netscape 4.7.9. GQ doesn't work, but if you do ldd on the binary you'll
see why (it refuses to follow the directives for the source of the ldd
libraries and chooses older versions, which I can't 'rpm -e', since so
many things are dependent on them). GQ doesn't work (for me) for SASL
either; reason is the same. Who cares?

> Can anyone point me in the direction of a good HOWTO on setting up
> OpenLDAP over SSL for both server and client side? With other
> directory services (Novell eDirectory for example), one must export
> the trusted root certificate (public key) and consume that on the
> client side. Does such a method exist in OpenLDAP?

http://www.linuxnetwork.nl/howto/LDAP-Implementation-HOWTO (HTML)
http://bulle.bitforbit.no/HOWTO/LDAP-Implementation-HOWTO (HTML)

Adam Williams's (of this list) ldapv3.pdf

Best,

Tony

-- 

Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
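For the question about exporting the trust root and consuming it on the client, here is an added configuration example (not from the original posts) for the 2.1-era slapd.conf/ldap.conf setup the reply describes. File paths, the host name and the base DN are assumptions; with a self-signed server certificate, the file handed to clients is that certificate itself.

```conf
# --- server side: /etc/openldap/slapd.conf (paths are assumptions) ---
# Trust anchor; for a self-signed server cert this is the same file as
# TLSCertificateFile, since the cert is its own issuer.
TLSCACertificateFile   /etc/openldap/cacert.pem
TLSCertificateFile     /etc/openldap/servercrt.pem
# Private key: keep it readable by the slapd user only (mode 0600).
TLSCertificateKeyFile  /etc/openldap/serverkey.pem
# Do not require client certificates; clients authenticate with a bind.
TLSVerifyClient        never
# Older clients (Netscape 4.x, some PHP builds) still speak LDAPv2.
allow bind_v2

# --- client side: /etc/openldap/ldap.conf (paths are assumptions) ---
# Trust root exported from the server, the same way Novell eDirectory
# has you import the root certificate on each client.
TLS_CACERT   /etc/openldap/cacert.pem
# WEAK: "never" accepts any server certificate and defeats the point
# of the CA file; do not ship this.
#TLS_REQCERT never
# CORRECT: refuse to connect unless the server cert chains to TLS_CACERT.
TLS_REQCERT  demand

# Verify from a client shell (host/base DN are assumptions):
#   ldapsearch -x -H ldaps://ldap.example.com/ -b "dc=example,dc=com" -s base
# A "Can't contact LDAP server" with TLS_REQCERT demand usually means the
# certificate CN does not match the host name or TLS_CACERT is wrong.
```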