[Date Prev][Date Next]
Re: Authentication using LDAP and NDS
tir, 2002-11-05 kl. 06:17 skrev Alison Smith:
> I hope this isn't a really silly question and that I am sending this to the correct list!
It's not silly, I too hope that this is the correct list.
> I am trying to use PAM to authenticate squid sessions against a novell server. Unfortunately, the novell server is not mine, so I'm flying blind! :-)
> I have been told that the servers require SSL, and have been given a root certificate (in DER format). This needs to be imported as a "trusted root certificate" on my server. This is where I run into problems, I have no idea how to import it as a trusted root certificate?
eDirectory (8.6.2 at any rate) uses SSL on port 636, no strongSASL
authentication "out of the box."
> Does anyone have any ideas as to where I might start looking?
Without going to the hassle of running slapd at d -1, I tried my DER
encoded CA certificate (since that's what Novell means by "root
certificate") and it didn't work with the 2.1.8 slapd.
At the very least, you'll have to make a PEM encoded CA/root certificat
and use that.
Put your Novell certificate in a directory, cd to that directory and do:
'openssl x509 -inform DER -in name-of-the-certificate.der -out
name-of-the-certificate.pem -outform PEM' (man x509) and chmod 644
Copy that certificate to your CA certificate directory and do all public
key/certificate request signing with it. Make sure your Openldap clients
use that certificate too!
I don't know whether Openldap can use multiple CA certs, I've never
Could have been Henrik Ibsen's, Ole Bull's,
Henrik Wergelands's, Camilla Collet's and more's
last words, but weren't: «Fanden helder, helder
det at have sadset, end det at ikke have sadset
i det hele taget.»