
Re: Authentication using LDAP and NDS



Tue, 2002-11-05 at 06:17, Alison Smith wrote:

> I hope this isn't a really silly question and that I am sending this to the correct list!

It's not silly, I too hope that this is the correct list.
 
> I am trying to use PAM to authenticate squid sessions against a novell server. Unfortunately, the novell server is not mine, so I'm flying blind! :-)
> 
> I have been told that the servers require SSL, and have been given a root certificate (in DER format). This needs to be imported as a "trusted root certificate" on my server. This is where I run into problems, I have no idea how to import it as a trusted root certificate?

eDirectory (8.6.2 at any rate) uses SSL on port 636, no strong SASL
authentication "out of the box."
 
> Does anyone have any ideas as to where I might start looking?

Without going to the hassle of running slapd at d -1, I tried my DER
encoded CA certificate (since that's what Novell means by "root
certificate") and it didn't work with the 2.1.8 slapd.

At the very least, you'll have to make a PEM encoded CA/root certificate
and use that.

Put your Novell certificate in a directory, cd to that directory and do:
'openssl x509 -inform DER -in name-of-the-certificate.der -out
name-of-the-certificate.pem -outform PEM' (man x509) and chmod 644
certificate.pem.

Copy that certificate to your CA certificate directory and do all public
key/certificate request signing with it. Make sure your Openldap clients
use that certificate too!

I don't know whether Openldap can use multiple CA certs, I've never
tried.

Best,

Tony 

-- 

Tony Earnshaw

Could have been Henrik Ibsen's, Ole Bull's,
Henrik Wergelands's, Camilla Collet's and more's
last words, but weren't: «Fanden helder, helder
det at have sadset, end det at ikke have sadset
i det hele taget.»

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
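
The DER-to-PEM conversion from the message above, extended with two checks before the PEM file is used as a trust anchor (same fingerprint after conversion, and the certificate is marked as a CA). This is an added example, not part of the original post; the function names and the throwaway sample CA are constructed for illustration.

```shell
#!/bin/sh
# der_to_trusted_pem DER_FILE PEM_FILE   (hypothetical helper name)
# Converts the certificate, then refuses the result unless it is the same
# certificate and is usable as a CA. Prints the SHA-256 fingerprint.
der_to_trusted_pem() {
    der=$1 pem=$2
    openssl x509 -inform DER -in "$der" -outform PEM -out "$pem" || return 1
    chmod 644 "$pem"
    fp_der=$(openssl x509 -inform DER -in "$der" -noout -fingerprint -sha256) || return 1
    fp_pem=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1
    [ "$fp_der" = "$fp_pem" ] || { echo "fingerprint mismatch" >&2; return 1; }
    # A root certificate used as a trust anchor carries basicConstraints CA:TRUE.
    openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate" >&2; return 1; }
    # Compare this value with one obtained from the server's administrator
    # over a separate channel before trusting the file.
    echo "$fp_pem"
}

# make_sample_der DER_FILE: constructed sample input, a throwaway
# self-signed CA in DER format (not the Novell server's certificate).
make_sample_der() {
    cat > "$1.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = EXAMPLE
CN = Constructed Tree CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1.cnf" \
        -keyout "$1.key" -days 1 -outform DER -out "$1" 2>/dev/null
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_der "$demo_dir/root.der" \
    && der_to_trusted_pem "$demo_dir/root.der" "$demo_dir/root.pem"
rm -rf "$demo_dir"

# The OpenLDAP client is then pointed at the PEM file in ldap.conf, e.g.:
#   TLS_CACERT  /path/to/name-of-the-certificate.pem   (path is a placeholder)
```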