
Re: ldap+ssl+Active directory



Hi,

I'm using YaST to configure ldap. In the ldap client, I pick the option
'ldap tls/ssl'; then /etc/ldap.conf has the following lines:

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl     start_tls
nss_base_passwd dc=monesa,dc=es
nss_base_shadow dc=monesa,dc=es
nss_base_group  dc=monesa,dc=es

I think the configuration is OK, but I don't know how SuSE imports the
w2k certificate, or if I need to create a certificate for SuSE. I've
installed Microsoft Certification Authority to enable ldap over ssl in
w2k. In SuSE I only set this option (ssl start tls), and I don't know if I
need to do anything else.





At 20:17 05/07/2004, Kurt D. Zeilenga wrote:
>At 10:47 AM 7/5/2004, Andreas wrote:
> >On Mon, Jul 05, 2004 at 10:34:32AM -0700, Kurt D. Zeilenga wrote:
> >> At 01:09 AM 7/5/2004, Ainhoa Prat wrote:
> >> >I'm having problems using ldap with ssl against windows 2000 AD. I
> >> >have Suse 9 as ldap client and w2k as ldap server. I set use ssl in ldap.conf,
> >>
> >> Not sure what you mean by "set use ssl in ldap.conf"... but if you
> >> mean you set 'use ssl' in ldap.conf, I note that OpenLDAP ldap.conf(5)
> >> has no 'use ssl' directive.  You might be confusing directives for
> >> some other ldap.conf file with OpenLDAP's ldap.conf(5).
> >
> >SuSE mixes nss_ldap and pam_ldap's ldap.conf (from PADL software) with
> >openldap's ldap.conf.
>
>If so, that's ill-advised.
>
>Regardless, "use ssl" is not, as I said above, an OpenLDAP
>ldap.conf(5) directive and hence will be ignored by OpenLDAP
>command line tools such as ldapsearch(1).
>
>Kurt
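
An added example, not part of the original thread: a small checker for the combined ldap.conf situation discussed above. It reports which software reads each directive and whether `ssl start_tls` is set without a CA to verify the server certificate. The directive lists are a partial subset taken from the PADL nss_ldap/pam_ldap sample ldap.conf and OpenLDAP's ldap.conf(5), and the sample input is constructed from the lines quoted in the message.

```python
# Added example, not from the thread. The directive lists are a partial subset
# of the PADL nss_ldap/pam_ldap sample ldap.conf and OpenLDAP ldap.conf(5).
READER = {
    **dict.fromkeys(("ssl", "tls_checkpeer", "tls_cacertfile", "nss_base_passwd",
                     "nss_base_shadow", "nss_base_group"), "nss_ldap/pam_ldap only"),
    **dict.fromkeys(("tls_cacert", "tls_reqcert"), "OpenLDAP tools only"),
    **dict.fromkeys(("host", "base", "uri", "port", "tls_cacertdir"), "both"),
}

# Constructed sample: the directives quoted in the message above.
SAMPLE = """\
# OpenLDAP SSL mechanism
ssl     start_tls
nss_base_passwd dc=monesa,dc=es
nss_base_shadow dc=monesa,dc=es
nss_base_group  dc=monesa,dc=es
"""

def parse(text):
    """Return {directive: value} with lower-cased names; comments are skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Say which software reads each directive and list TLS trust gaps."""
    conf = parse(text)
    readers = {name: READER.get(name, "unknown") for name in conf}
    warnings = []
    if conf.get("ssl") in ("start_tls", "on"):
        if not {"tls_cacertfile", "tls_cacertdir"} & conf.keys():
            warnings.append("no tls_cacertfile/tls_cacertdir names a trusted CA")
        if conf.get("tls_checkpeer") != "yes":
            warnings.append("tls_checkpeer is not 'yes'")
    return readers, warnings

if __name__ == "__main__":
    readers, warnings = audit(SAMPLE)
    for name, who in readers.items():
        print(f"{name:16} {who}")
    for w in warnings:
        print("WARNING:", w)
```

On the sample, every directive is read only by nss_ldap/pam_ldap, and both warnings fire because no CA file or directory is named and `tls_checkpeer` is unset.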