Re: OpenLDAP with SSL

On Fri, 4 Dec 2009, Chamith Kumarage wrote:

Hi Folks,

I have setup openldap with SSL and i'm using self signed certs. I have included the following in my slapd.conf.

TLSCipherSuite HIGH:MEDIUM:-SSLv2 TLSCACertificateFile /etc/ldap/ssl/server.pem TLSCertificateFile /etc/ldap/ssl/server.pem TLSCertificateKeyFile /etc/ldap/ssl/server.pem TLSVerifyClient demand

and in my ldap.conf I have;

HOST <my_ip> PORT 636 TLS_REQCERT /etc/ldap/ssl/server.pem

What slapd starting line (-h option) you've used? should be something like

"ldap://127.0.0.1:389/ ldaps://127.0.0.1:636/ ldapi:///"

E.g. in Debian it's configured via /etc/default/slapd file.

Regards, DT