Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How ldap authentiation works with TLS?
Top Forums UNIX for Advanced & Expert Users How ldap authentiation works with TLS? Post 302270332 by ynilesh on Sunday 21st of December 2008 05:34:29 AM
Old 12-21-2008
How ldap authentiation works with TLS?
I am confused in understanding, how ldap authentication works. Anyone has any idea ? I also want to know when you create certificate where does openldap stores certificate information.

$nilesh
 

10 More Discussions You Might Find Interesting

1. Red Hat

LDAP auth, secondary groups doesnt works

RedHat ELS 5.2 & Sun directory getent passwd: works toto:*:1000:100:toto:/home/toto:/bin/bash getent group: works mygroup:*:10001:1000,1001 but id toto doesnt works :( uid=1000(toto) gid=100(users) groupes=100(users) BTW in /etc/ldap.conf i use a different mapping for the posix... (4 Replies)
Discussion started by: sncr24
4 Replies

2. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

3. UNIX for Advanced & Expert Users

something like LDAP Administrator 2011.1 "LDAP-SQL" but for the CLI

Hi I am searching a tool like "LDAP Administrator 2011.1"/ "LDAP-SQL" but for the CLI. Wish to use LDAP-SQL in scripts (non Windows GUI environment) http://ldapadministrator.com/resources/english/2011.1/images/sqlquery_large.png Softerra LDAP Administrator 2011.1 - What's New OS is... (2 Replies)
Discussion started by: slashdotweenie
2 Replies

4. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

5. UNIX for Advanced & Expert Users

FTP over implicit TLS

Here are the essentials: un: myuser pw: mypasswd site: sftp.somesite.com port: 990 type: FTPS enc: FTP over implicit TLS program used: Curl 7.1.x on Hpux 11.31 I would like to "put" 1 file on there server. Here is my syntax, what am I doing wrong? curl -3 -v --cacert... (4 Replies)
Discussion started by: olyanderson
4 Replies

6. Solaris

Samba idmap ldap: works perfect on Linux,bad on Solaris and hpux

I have configured samba for working with and external ldap(ad windows2003+openldap backend to obtain the same uid and gid on all linux machines) On linux works perfect,and i get the same uid for a X user on all machines. On solaris11 and hpux 11.31 not wbinfo -u works fine wbinfo -g works... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

7. AIX

AIX sendmail and tls

The situation Version AIX7.1/8.14.4 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS PIPELINING SCANF STARTTLS USERDB USE_LDAP_INIT XDEBUG... (2 Replies)
Discussion started by: Linusolaradm1
2 Replies

8. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

9. Solaris

How to configure CUPS on Solaris 11.3 - TLS and no TLS?

We are implementing CUPS on a new Solaris 11.3 system. The same system will run an application where users can print to networked printers inside our organisation, or to a printer outside of our organisation over the internet. For users printing to internal network printers, no encryption is... (0 Replies)
Discussion started by: SallyB
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT V7

autofs_ldap_auth.conf

AUTOFS_LDAP_AUTH.CONF(5)					File Formats Manual					  AUTOFS_LDAP_AUTH.CONF(5)

NAME

       autofs_ldap_auth.conf - autofs LDAP authentication configuration

DESCRIPTION

       LDAP  authenticated  binds, TLS encrypted connections and certification may be used by setting appropriate values in the autofs authentica-
       tion  configuration  file  and  configuring  the  LDAP  client  with  appropriate  settings.   The  default  location  of  this	 file	is
       /etc/autofs_ldap_auth.conf.  If this file exists it will be used to establish whether TLS or authentication should be used.

       An example of this file is:

	 <?xml version="1.0" ?>
	 <autofs_ldap_sasl_conf
		 usetls="yes"
		 tlsrequired="no"
		 authrequired="no"
		 authtype="DIGEST-MD5"
		 user="xyz"
		 secret="abc"
	 />

       If  TLS	encryption is to be used the location of the Certificate Authority certificate must be set within the LDAP client configuration in
       order to validate the server certificate. If, in addition, a certified connection is to be used then the client certificate and private key
       file locations must also be configured within the LDAP client.

OPTIONS

       This files contains a single XML element, as shown in the example above, with several attributes.

       The possible attributes are:

       usetls="yes"|"no"
	      Determines whether an encrypted connection to the ldap server should be attempted.

       tlsrequired="yes"|"no"
	      This  flag  tells whether the ldap connection must be encrypted. If set to "yes", the automounter will fail to start if an encrypted
	      connection cannot be established.

       authrequired="yes"|"no"|"autodetect"|"simple"
	      This option tells whether an authenticated connection to the ldap server is required in order to perform ldap queries. If  the  flag
	      is  set  to  yes, only sasl authenticated connections will be allowed. If it is set to no then authentication is not needed for ldap
	      server connections. If it is set to autodetect then the ldap server will be queried to  establish  a  suitable  sasl  authentication
	      mechanism.  If no suitable mechanism can be found, connections to the ldap server are made without authentication. Finally, if it is
	      set to simple, then simple authentication will be used instead of SASL.

       authtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5|EXTERNAL"
	      This attribute can be used to specify a preferred authentication mechanism.  In normal operations, the automounter will  attempt	to
	      authenticate  to	the  ldap server using the list of supportedSASLmechanisms obtained from the directory server.	Explicitly setting
	      the authtype will bypass this selection and only try the mechanism specified. The EXTERNAL mechanism may be used to authenticate us-
	      ing a client certificate and requires that authrequired set to "yes" if using SSL or usetls, tlsrequired and authrequired all set to
	      "yes" if using TLS, in addition to authtype being set to EXTERNAL.

	      If using authtype EXTERNAL two additional configuration entries are required:

	      external_cert="<client certificate path>"

	      This specifies the path of the file containing the client certificate.

	      external_key="<client certificate key path>"

	      This specifies the path of the file containing the client certificate key.

	      These two configuration entries are mandatory when using the EXTERNAL method as the HOME environment variable cannot be  assumed	to
	      be set or, if it is, to be set to the location we expect.

       user="<username>"
	      This attribute holds the authentication identity used by authentication mechanisms that require it.  Legal values for this attribute
	      include any printable characters that can be used by the selected authentication mechanism.

       secret="<password>"
	      This attribute holds the secret used by authentication mechanisms that require it. Legal	values	for  this  attribute  include  any
	      printable characters that can be used by the selected authentication mechanism.

       encoded_secret="<base64 encoded password>"
	      This  attribute  holds the base64 encoded secret used by authentication mechanisms that require it. If this entry is present as well
	      as the secret entry this value will take precedence.

       clientprinc="<GSSAPI client principal>"
	      When using GSSAPI authentication, this attribute is consulted to determine the principal name to use when authenticating to the  di-
	      rectory server. By default, this will be set to "autofsclient/<fqdn>@<REALM>.

       credentialcache="<external credential cache path>"
	      When  using GSSAPI authentication, this attribute can be used to specify an externally configured credential cache that is used dur-
	      ing authentication.  By default, autofs will setup a memory based credential cache.

SEE ALSO

       auto.master(5),

AUTHOR

       This manual page was written by Ian Kent <raven@themaw.net>.

								    19 Feb 2010 					  AUTOFS_LDAP_AUTH.CONF(5)
All times are GMT -4. The time now is 06:04 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy