On Fri, 23 Jan 2009 17:03:26 +0100, Nathan Huesken ldap@lonely-star.org wrote:
Hi,
I want to use TLS on my slapd, which uses the slapd.d config way. On this page: http://www.openldap.org/doc/admin24/tls.html I find a description of how to do it if one uses a slapd.conf. But how does it work with slapd.d?
A generally good way is to generate the appropriate slapd.conf and then use the slaptest command (with both -f and -F options) to generate the corresponding slapd.d directory (and sub-directories); then you can write your own LDIF to load on your already running OpenLDAP.
More specifically to TLS, here are some of the attributes you have to put in the cn=config.ldif file at the first level of the slapd.d directory:
olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
olcTLSCertificateFile: /usr/local/etc/openldap/slapd.cert
olcTLSCertificateKeyFile: /usr/local/etc/openldap/slapd.key
olcTLSCRLCheck: none
olcTLSVerifyClient: never
If you're doing multimaster replication, be sure that the filenames of the certificate and key are identical, even though each server must have its own certificate (use a symlink - not my idea).
Thanks! Nathan
Hope it can help, Sincerely yours, Mathieu MILLET.
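As an added example (not part of Nathan's or Mathieu's messages), a small POSIX shell script that builds the cn=config modify LDIF for the olcTLS* attributes listed above, so the settings can be loaded into a running slapd with ldapmodify instead of editing files under slapd.d by hand; the certificate paths and the ldapi:/// socket are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Produces the LDIF that sets the
# olcTLS* attributes on cn=config in one modify operation. Keeping all
# five attributes in a single operation matters: slapd validates the
# certificate against the key when they are set, so setting them in
# separate operations can be rejected when the old pair no longer matches.

# $1 CA certificate, $2 server certificate, $3 server private key
gen_tls_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $1
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $2
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $3
-
replace: olcTLSCRLCheck
olcTLSCRLCheck: none
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: never
EOF
}

# Refuse to emit a configuration that points at files slapd cannot read:
# a missing or unreadable key is the usual reason the TLS listener stays dead.
check_tls_files() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    done
    return 0
}

# Apply over the local ldapi socket as root (SASL EXTERNAL maps the uid to
# the cn=config rootdn in the default slapd.d setup). Assumed paths.
apply_tls_ldif() {
    check_tls_files "$@" || return 1
    gen_tls_ldif "$@" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Example invocation (commented out so the script is safe to source):
# apply_tls_ldif /usr/local/etc/openldap/cacert.pem \
#                /usr/local/etc/openldap/slapd.cert \
#                /usr/local/etc/openldap/slapd.key
```

Afterwards, `ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config olcTLS*` shows the values the server actually loaded, which is the check worth running before pointing clients at ldaps://.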