[Date Prev][Date Next] [Chronological] [Thread] [Top]

Setting up primary/secondary LDAP servers with TLS/SSL enabled


I am using primary/secondary LDAP servers configuration, it works quite normal.

I need to make LDAP authentication secure. I.e., I need both LDAP servers to provide LDAP over SSL/TLS, so that both primary and secondary LDAP server be used (mentioned in ldap.conf).

I have to use self-signed SSL certificates, since the servers are located in intranet, they have no 'real' domain names.

The problem is I can't figure out how to specify ldap.conf SSL parameters so that they could
- verify LDAP server certificate
- be used with both primary and secondary LDAP servers

Also, I'd prefer to use TLS - how do I run slapd so that it provided TLS-aware connection on the standard port? Is it possible to set up slapd so that TLS be optional (for testing/transition purposes).

I would greatly appreciate references to the relevant docs on these.

Thank you.