Re: Reg OpenLdap on Ubuntu

To: Dieter Kluenter <dieter@dkluenter.de>

Subject: Re: Reg OpenLdap on Ubuntu

From: Asimananda Mohanty <asimananda.mohanty@gmail.com>

Date: Thu, 17 Sep 2009 17:05:18 +0530

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=5cJIGtWjerL7P3Zl6C8narOUA3uQa0brMzGEt8fI1I8=; b=ONd/O2Jdrl39kPvKsULZHw/5zIF/4k2i5AeQCuxICzRIV2N4KZAT57xDcvMgY6rmns t16RYv5PsESdPUrbVw0Ajrx5n02kTQZvzsWRjztpZ8CYZ85qoV+oU/afdTvtLBM/jAcz e+dx8pmV6nUCq3lceCMRDRWOWmYZIGCZWCguE=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=VnxIJRCIw94Nk0fDHV7VJhT4lAr60iV66kotSA8gBU4lLdSjN7KlpCSzNB+bbvziPe U2z4IinUnU62T5naXAAMSl9AzI+b4bKg9WRtPZ+nZxQHKfGNTxKpQ3+d6HUmSnWt+edN LefjeysJX64oNZNw3Rd3IEz8bNcgRsUzjRQqI=

In-reply-to: <8763bh3jdv.fsf@rubin.avci.de>

References: <d375fb280907100400o26cc0aebo4d964a21c1c16e0f@mail.gmail.com> <cb69cb8f0909110731s773064a9p24167abc54587ea5@mail.gmail.com> <d375fb280909170016v67d0e41dyd40fc62fe7945b6e@mail.gmail.com> <87pr9q2ev2.fsf@rubin.avci.de> <d375fb280909170127i3e7c246cs9a4846320bcf4f1c@mail.gmail.com> <87ljke2azw.fsf@rubin.avci.de> <d375fb280909170239q5870752dve48be41d6cf96638@mail.gmail.com> <87hbv13ngh.fsf@rubin.avci.de> <d375fb280909170314o58a9e911xd6b24baeaeee26ad@mail.gmail.com> <8763bh3jdv.fsf@rubin.avci.de>

I already have the certificates and here is my ldap.conf :

TLS_REQCERT demand

TLS_CACERT /etc/ssl/certs/ca-cert.pem

With these settings, it's working fine. As I already mentioned, ldapsearch command runs fine with "ldaps" url and also with "ldap" url WITH "-ZZ" option.

I think that indicates that TLS is enabled on the server.

Is there any difference in behavior when slapd used libgnutls and when it uses libssl ? Or they both serve the same purpose (this was my idea till now)?

Does apache expect slapd to use libssl and not libgnutls ?

Regards

Asimananda

On Thu, Sep 17, 2009 at 4:53 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:

Asimananda Mohanty <asimananda.mohanty@gmail.com> writes:

> Hi Dieter,
>

> Does that mean that my openLDAP has been configured correctly so as to be used with the
> required applications as I described in my previous mails today? Or do I need to do
> something else for the same?

You have to create certificates of course and configure slapd to read
this certificates and listen on a secure port.
http://www.openldap.org/doc/admin24/tls.html

-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

Follow-Ups:

Re: Reg OpenLdap on Ubuntu
- From: "Dieter Kluenter" <dieter@dkluenter.de>

References:

Re: Reg OpenLdap on Ubuntu
- From: Mathias Gug <mathiaz@ubuntu.com>
Re: Reg OpenLdap on Ubuntu
- From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Re: Reg OpenLdap on Ubuntu
- From: "Dieter Kluenter" <dieter@dkluenter.de>
Re: Reg OpenLdap on Ubuntu
- From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Re: Reg OpenLdap on Ubuntu
- From: "Dieter Kluenter" <dieter@dkluenter.de>
Re: Reg OpenLdap on Ubuntu
- From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Re: Reg OpenLdap on Ubuntu
- From: "Dieter Kluenter" <dieter@dkluenter.de>
Re: Reg OpenLdap on Ubuntu
- From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Re: Reg OpenLdap on Ubuntu
- From: "Dieter Kluenter" <dieter@dkluenter.de>