Hello dear community,
I want to enable SSL, but I cannot find "/etc/sysconfig/slapd" file. OpenLDAP version is 2.4.59, on , for testing.. I'm going to migrate to last version next month. OS is Rocky Linux 8.8.
Thanks,
Jean-Luc
On 17.08.23 at 18:50, Jean-Luc Chandezon wrote:
> I want to enable SSL, but I cannot find “/etc/sysconfig/slapd” file.
for an overview: https://openldap.org -> OpenLDAP Admin Guide -> choose your version -> search for "Using TLS"
First, I've to say, think about your ldap-server's name. The DNS name...
Given, you run your ldap-server on an IP address which is known as ldap.example.org you should have certificates for that name. Let's Encrypt is your friend...
Then, the minimal required configuration is
TLSCertificateFile /acme/live/ldap.example.org/cert+intermediate.pem
TLSCertificateKeyFile /acme/live/ldap.example.org/key.pem
Andreas
--On Thursday, August 17, 2023 10:57 PM +0200 "A. Schulze" sca@andreasschulze.de wrote:
> On 17.08.23 at 18:50, Jean-Luc Chandezon wrote:
>> I want to enable SSL, but I cannot find "/etc/sysconfig/slapd" file.
> for an overview: https://openldap.org -> OpenLDAP Admin Guide -> choose your version -> search for "Using TLS"
> First, I've to say, think about your ldap-server's name. The DNS name...
> Given, you run your ldap-server on an IP address which is known as ldap.example.org you should have certificates for that name. Let's Encrypt is your friend...
> Then, the minimal required configuration is
> TLSCertificateFile /acme/live/ldap.example.org/cert+intermediate.pem
> TLSCertificateKeyFile /acme/live/ldap.example.org/key.pem
I'm guessing they are following instructions telling them to modify /etc/sysconfig/slapd to add an ldaps:/// URI. The message is so vague though, it's hard to really know their intent.
--Quanah
On 2023-08-17 10:50 AM, Jean-Luc Chandezon wrote:
> I want to enable SSL, but I cannot find “/etc/sysconfig/slapd” file.
> OpenLDAP version is 2.4.59, on , for testing.. I’m going to migrate to last version next month.
> OS is Rocky Linux 8.8.
As far as I know, none of the RHEL family include OpenLDAP server packages for any release higher than 7 (though the clients are still provided).
You likely don't have slapd installed at all, and therefore no configuration file for it.
If you want an OpenLDAP server, you'll likely need to look at either of LTB or Symas builds.
On 8/18/23 23:20, Nels Lindquist wrote:
> As far as I know, none of the RHEL family include OpenLDAP server packages for any release higher than 7 (though the clients are still provided).
> You likely don't have slapd installed at all, and therefore no configuration file for it.
> If you want an OpenLDAP server, you'll likely need to look at either of LTB or Symas builds.
It's true that Red Hat no longer supports OpenLDAP, in favour of their own 389DS. However, Rocky Linux does provide an OpenLDAP package in the "plus" repo for RL9 or the "powertools" repo for RL8.
I do like https://ltb-project.org
for my rpm install I don't like the 389ds app
A
From: Souji Thenria mail@souji-thenria.net
Sent: Sunday, 20 August 2023 08:28
To: Nels Lindquist nlindq@maei.ca; openldap-technical@openldap.org
Subject: Re: enable SSL
On 8/18/23 23:20, Nels Lindquist wrote:
> As far as I know, none of the RHEL family include OpenLDAP server packages for any release higher than 7 (though the clients are still provided).
> You likely don't have slapd installed at all, and therefore no configuration file for it.
> If you want an OpenLDAP server, you'll likely need to look at either of LTB or Symas builds.
It's true that Red Hat no longer supports OpenLDAP, in favour of their own 389DS. However, Rocky Linux does provide an OpenLDAP package in the "plus" repo for RL9 or the "powertools" repo for RL8.
-- Souji Thenria
On 2023-08-19 4:28 PM, Souji Thenria wrote:
> On 8/18/23 23:20, Nels Lindquist wrote:
>> As far as I know, none of the RHEL family include OpenLDAP server packages for any release higher than 7 (though the clients are still provided).
>> You likely don't have slapd installed at all, and therefore no configuration file for it.
>> If you want an OpenLDAP server, you'll likely need to look at either of LTB or Symas builds.
> It's true that Red Hat no longer supports OpenLDAP, in favour of their own 389DS. However, Rocky Linux does provide an OpenLDAP package in the "plus" repo for RL9 or the "powertools" repo for RL8.
Ah, yes--there it is in powertools. Thanks for that; I hadn't noticed it there before. (Though there are other reasons--such as wanting a newer version--to use one of the alternative server packages instead).
Just to satisfy my own curiosity, I installed the server package from powertools. The slapd.service systemd file included in the package includes:
ExecStart=/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"
As long as the configuration, certificate etc. are valid it'll listen for SSL connections by default.
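An added example, not part of any message in this thread: a static check for the two conditions the replies name, an ldaps:/// URL in the slapd `-h` list and both TLS directives pointing at existing files, plus a key-permission check. The function names and the sample tree are constructed for illustration; accepting the `olc*` form of the directives from a cn=config LDIF goes beyond the slapd.conf form shown in the thread.

```shell
#!/bin/sh
# Static check that a slapd install is set up for LDAPS (added example).
# All paths and file contents created below are constructed samples.

# Listener URLs from the -h "..." argument of the unit's ExecStart, one per line.
slapd_listeners() {
    sed -n 's/^ExecStart=.*[[:space:]]-h[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tr -s ' ' '\n'
}

# Value of a TLS directive; accepts the slapd.conf form or the olc* LDIF form.
conf_value() {
    awk -v key="$2" '{ k = tolower($1); sub(/:$/, "", k); sub(/^olc/, "", k) }
        k == tolower(key) { v = $2 } END { print v }' "$1"
}

# Returns 0 only if ldaps:// is in the listener list and both TLS files exist.
check_ldaps() {
    unit=$1; conf=$2; rc=0
    slapd_listeners "$unit" | grep -q '^ldaps://' ||
        { echo "FAIL: no ldaps:// URL in slapd -h"; rc=1; }
    for key in TLSCertificateFile TLSCertificateKeyFile; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then echo "FAIL: $key not set"; rc=1
        elif [ ! -f "$val" ]; then echo "FAIL: $key -> $val missing"; rc=1
        fi
    done
    key=$(conf_value "$conf" TLSCertificateKeyFile)
    # Private key must not be accessible to group or other (ls mode chars 5-10).
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other"; rc=1
    fi
    return $rc
}

# Constructed sample tree mirroring the thread's ExecStart line and directives.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"' > "$d/slapd.service"
    : > "$d/cert+intermediate.pem"; : > "$d/key.pem"; chmod 600 "$d/key.pem"
    printf '%s\n' "TLSCertificateFile $d/cert+intermediate.pem" \
        "TLSCertificateKeyFile $d/key.pem" > "$d/slapd.conf"
    echo "$d"
}

d=$(make_sample)
check_ldaps "$d/slapd.service" "$d/slapd.conf" && echo "OK: LDAPS prerequisites present"
rm -rf "$d"
```

The check only inspects files; it does not confirm that the key is readable by the `ldap` user slapd runs as, or that the certificate matches the server's DNS name.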