Howdy.
We run an OpenLDAP environment that I'm attempting to lock down.
Right now all LDAP communication takes place in cleartext-- obviously this isn't optimal. I'm attempting to configure TLS, and hitting a few snags.
On the server I've generated a PEM that includes both the key and the certificate. I've also broken them down into component files. Given that this isn't a signed certificate, what are the options I need in slapd.conf?
If anyone can shed some light, or point me towards a tutorial, I'd be most grateful.
Regards, Jay Chandler
--On Wednesday, July 25, 2007 12:14 PM -0700 Jay Chandler chandler.lists@chapman.edu wrote:
> Howdy.
> We run an OpenLDAP environment that I'm attempting to lock down.
> Right now all LDAP communication takes place in cleartext-- obviously this isn't optimal. I'm attempting to configure TLS, and hitting a few snags.
> On the server I've generated a PEM that includes both the key and the certificate. I've also broken them down into component files. Given that this isn't a signed certificate, what are the options I need in slapd.conf?
http://www.openldap.org/doc/admin23/tls.html
In particular, note that requirement for the CA cert to be findable, even for self-signed certs.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
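
The setup asked about in this thread, as an added example that is not part of either post: a slapd.conf fragment for a self-signed server certificate split into component files, with the matching client-side ldap.conf settings. All file paths are placeholders chosen for illustration. Because the certificate is self-signed it is its own issuer, so the same certificate file is what the CA option points at on both sides.

```conf
# ---- server: slapd.conf (global section) ----
# Paths below are assumed placeholders; use wherever the component files live.

# The CA certificate must be findable even for a self-signed cert.
# A self-signed certificate is its own issuer, so point at the cert itself.
TLSCACertificateFile    /etc/openldap/tls/server.crt

# The server certificate (PEM, certificate only).
TLSCertificateFile      /etc/openldap/tls/server.crt

# The matching private key (PEM). Keep it readable only by the account
# slapd runs as, and store it unencrypted so slapd can start unattended.
TLSCertificateKeyFile   /etc/openldap/tls/server.key

# ---- client: ldap.conf ----
# A copy of the same self-signed certificate, distributed to each client,
# acts as the trust anchor for verifying the server.
TLS_CACERT              /etc/openldap/tls/server.crt

# Refuse the connection if the server certificate cannot be verified,
# rather than falling back to an unauthenticated TLS session.
TLS_REQCERT             demand
```

The certificate's subject name has to match the hostname clients use to reach the server, otherwise verification fails even with the CA file in place.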