Re: [FC3] LDAP Authentication

On Tue, 2004-12-07 at 15:32 -0600, Brian Fahrlander wrote:
>     I have/had LDAP Authentication working under RH9, but it's time to
> upgrade.  Some changes have been made; SSL is now used by default, and I
> don't have any background on how to set up the certs (for example).
> 
>     Does anyone know of a contemporary ldap howto, with FC3 in mind? 
> Google sure doesn't.
> 
----
I seriously doubt that ssl is involved at all. I suspect you are
confusing it with TLS.

My notes for generating certs...

( I edit /usr/share/ssl/openssl.conf first)

cd /usr/share/ssl/certs
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.cert
openssl genrsa -out ldap.key 1024
openssl req -new -key ldap.key -out ldap.csr
openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \
-CAkey ca.key  -CAcreateserial -days 3650
mkdir /etc/ssl
cp ca.cert /etc/ssl
cp ldap* /etc/ssl

then I use the following in /etc/openldap/slapd.conf
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /etc/ssl/ldap.cert
TLSCertificateKeyFile   /etc/ssl/ldap.key
TLSCACertificateFile    /etc/ssl/ca.cert

YMMV

Craig
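
A way to check the files these notes produce before slapd.conf points at them, as an added example that is not part of the original post: it confirms that ldap.cert chains to ca.cert, that ldap.key belongs to ldap.cert, and that the key is of adequate size and not readable by other users. The function name check_ldap_tls_files, the script name check.sh and the MIN_BITS threshold (default 2048) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). MIN_BITS is an assumed threshold.
MIN_BITS=${MIN_BITS:-2048}

# check_ldap_tls_files CA_CERT SERVER_CERT SERVER_KEY
# Returns 0 when every check passes, 1 otherwise.
check_ldap_tls_files() {
    ca=$1; cert=$2; key=$3; fail=0

    # 1. The server certificate must chain to the CA that clients will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; fail=1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    #    "-passin pass:" keeps openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; fail=1
    fi

    # 3. Read the key size from the certificate and compare it with MIN_BITS.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: public key is ${bits:-unknown} bits, want >= $MIN_BITS"; fail=1
    fi

    # 4. An unencrypted server key should not be accessible to group or other.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key permissions allow group/other access"; fail=1
    fi

    [ "$fail" -eq 0 ] && echo "OK: $cert, $key and $ca are consistent"
    return "$fail"
}

# Stand-alone use (check.sh is a hypothetical file name):
#   sh check.sh /etc/ssl/ca.cert /etc/ssl/ldap.cert /etc/ssl/ldap.key
if [ "$#" -eq 3 ]; then
    check_ldap_tls_files "$@"
fi
```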


