Hello Experts,
In need of a little guidance please.
I've installed OpenLDAP 2.4.23 on RHEL in a sandbox and would like to enable SSL on port 636. All documentation references SLAPD(5), but since I'm using SLAPD(8), I do not now have the slapd.conf file. Looking for the current SLAPD(8) method of configuring this along with starting the service to support port 636.
Thanks in advance!
Jeff P.
Look at /etc/sysconfig/ldap. There's a line in there SLAPD_LDAPS=no. Change to yes and restart slapd and you should have a listener on 636.
On Wed, Jan 8, 2014 at 10:10 AM, jumpgroup@aol.com wrote:
Hello Experts,
In need of a little guidance please.
I've installed OpenLDAP 2.4.23 on RHEL in a sandbox and would like to enable SSL on port 636. All documentation references SLAPD(5), but since I'm using SLAPD(8), I do not now have the slapd.conf file. Looking for the current SLAPD(8) method of configuring this along with starting the service to support port 636.
Thanks in advance!
Jeff P.
Thank you, Michael. That helps. I think I found what I was looking for here:
https://wiki.debian.org/LDAP/OpenLDAPSetup
Specifically, the attributes to add to an LDIF to specify the location of the certificate files:
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/server-key.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/server-cert.pem
Hopefully, this will get me where I need to go.
Thanks for your help!
-----Original Message-----
From: Michael Proto michael.proto@tstllc.net
To: jumpgroup jumpgroup@aol.com
Cc: openldap-technical openldap-technical@openldap.org
Sent: Wed, Jan 8, 2014 11:08 am
Subject: Re: Port 636 and SLAPD(8)
Look at /etc/sysconfig/ldap. There's a line in there SLAPD_LDAPS=no. Change to yes and restart slapd and you should have a listener on 636.
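A preflight check for the cn=config change quoted in the message above, added here as an example (it is not code from the thread or from the OpenLDAP project). It assumes the three values are PEM file paths, as in that LDIF; `parse_modify` and `preflight` are names made up for this example.

```python
import os
import stat

REQUIRED = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")

# The thread's record, one directive per line (paths as posted there).
SAMPLE_LDIF = """\
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/server-key.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/server-cert.pem
"""

def parse_modify(ldif_text):
    """Return (dn, {attribute: value}) for the add/replace operations of one modify record."""
    dn, values, current = None, {}, None
    for raw in ldif_text.splitlines():
        key, _, value = (part.strip() for part in raw.partition(":"))
        if key.lower() == "dn":
            dn = value
        elif key.lower() in ("add", "replace"):
            current = value              # attribute this modification sets
        elif key == "-":
            current = None               # separator: modification finished
        elif current and key.lower() == current.lower():
            values[current] = value
    return dn, values

def preflight(ldif_text):
    """List problems that would leave slapd without a usable, private TLS key pair."""
    dn, values = parse_modify(ldif_text)
    problems = [] if dn == "cn=config" else [f"unexpected dn: {dn}"]
    for attr in REQUIRED:
        path = values.get(attr)
        if path is None:
            problems.append(f"{attr} is not set")
        elif not os.path.isfile(path):
            problems.append(f"{attr}: {path} is not a file")
        elif attr.endswith("KeyFile") and stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO:
            problems.append(f"{attr}: {path} is accessible to other users")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_LDIF) or "no problems found")
```

Run it on the server that holds the certificate files, before applying the LDIF, so that missing files or a world-readable key show up first.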
jumpgroup@aol.com wrote:
Thank you, Michael. That helps. I think I found what I was looking for here:
Since OpenLDAP 2.4.23 is linked against libnss you will likely run into trouble regarding TLS when following configuration guides for an OpenLDAP installation linked against GnuTLS.
Best solution is to either compile yourself or grab RHEL packages from LTB project's web site.
Ciao, Michael.
Low Sensitivity/Aerospace Internal Use Only
That sounds an awful lot like what I was guided to do about 3 weeks ago. I still haven't had the chance to get back to it yet.
Warron French, MBA, SCSA
From: Michael Ströder michael@stroeder.com
To: jumpgroup@aol.com,
Cc: openldap-technical@openldap.org
Date: 01/08/2014 03:08 PM
Subject: Re: Port 636 and SLAPD(8)
Sent by: openldap-technical-bounces@OpenLDAP.org
jumpgroup@aol.com wrote:
Thank you, Michael. That helps. I think I found what I was looking for here:
Since OpenLDAP 2.4.23 is linked against libnss you will likely run into trouble regarding TLS when following configuration guides for an OpenLDAP installation linked against GnuTLS.
Best solution is to either compile yourself or grab RHEL packages from LTB project's web site.
Ciao, Michael.
Hi,
You don't need to worry about the slapd.d configuration at all. If you are familiar with slapd.conf then you can go with the steps below.
Just get the configuration file provided by the package (rpm) with the command below.
rpm -qc openldap-servers
Once you get slapd.conf, make the changes and run the command below. That will change slapd.conf into the slapd.d structure.
slaptest -f slapd.conf -F slapd.d
You will get all the LDIF files in the slapd.d directory; then check them and change them accordingly.
Hope it will help.
openldap-technical@openldap.org