On Tue, 2004-12-07 at 15:32 -0600, Brian Fahrlander wrote:
> I have/had LDAP Authentication working under RH9, but it's time to
> upgrade. Some changes have been made; SSL is now used by default, and I
> don't have any background on how to set up the certs (for example).
>
> Does anyone know of a contemporary ldap howto, with FC3 in mind?
> Google sure doesn't.
>
----
I seriously doubt that ssl is involved at all. I suspect you are
confusing it with TLS.

My notes for generating certs...

(I edit /usr/share/ssl/openssl.conf first)

cd /usr/share/ssl/certs
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.cert
openssl genrsa -out ldap.key 1024
openssl req -new -key ldap.key -out ldap.csr
openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \
-CAkey ca.key -CAcreateserial -days 3650

mkdir /etc/ssl
cp ca.cert /etc/ssl
cp ldap* /etc/ssl

then I use the following in /etc/openldap/slapd.conf

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ssl/ldap.cert
TLSCertificateKeyFile /etc/ssl/ldap.key
TLSCACertificateFile /etc/ssl/ca.cert

YMMV

Craig
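
Added example, not part of the original message: a check to run on the three files named in the slapd.conf TLS directives above before starting slapd. It confirms that the server certificate chains to the CA certificate, that the key belongs to the certificate, that the certificate has not expired, and that the unencrypted key is not world-readable. The function name check_ldap_tls is hypothetical, and the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: sanity-check the CA cert, server cert and server key
# before pointing slapd at them. check_ldap_tls is a hypothetical helper,
# not part of OpenLDAP or OpenSSL.
# Usage: sh check.sh /etc/ssl/ca.cert /etc/ssl/ldap.cert /etc/ssl/ldap.key

check_ldap_tls() {
    ca=$1 cert=$2 key=$3
    rc=0

    # 1. The server certificate must chain to the CA certificate.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        rc=1
    fi

    # 2. The private key must belong to the certificate (same RSA modulus).
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null </dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null </dev/null)
    if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $key does not match $cert" >&2
        rc=1
    fi

    # 3. The certificate must not already be expired.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable" >&2
        rc=1
    fi

    # 4. The server key is stored unencrypted, so it must not be
    #    world-readable (plain cp can leave it at mode 644).
    if [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $key is world-readable" >&2
        rc=1
    fi

    return $rc
}

# Run the check only when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    check_ldap_tls "$@"
fi
```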