SUSE Linux Enterprise 11 SP4 : OpenLDAP : LDAP over TLS : Server World

LDAP over TLS

2015/12/02

	Configure LDAP over TLS to make connection be secure.
[1]	Create SSL certificate first. See here.
[2]	Configure OpenLDAP Server.

dlp:~ #

mkdir /etc/openldap/certs

dlp:~ #

cp /etc/ssl/private/server.key \
/etc/ssl/private/server.crt \
/etc/openldap/certs/

dlp:~ #

chown ldap. /etc/openldap/certs/server.key \
/etc/openldap/certs/server.crt

dlp:~ #

vi mod_ssl.ldif

# create new

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key

dlp:~ #

ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

dlp:~ #

vi /etc/sysconfig/openldap

# line 27: change

OPENLDAP_START_LDAPS="

yes

dlp:~ #

/etc/init.d/ldap restart

[3]	Configure LDAP Client for TLS connection.

www:~#

echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf

www:~#

vi /etc/ldap.conf

# line 283: uncomment

ssl start_tls

www:~#

exit

logout

Welcome to SUSE Linux Enterprise Server 11 SP4 (x86_64) - Kernel 3.0.101-63-default (console).

www login:

suse

Password:
Last login: Thu Dec  2 19:50:57 JST 2015 on console

suse@www:~>

# just logined