|
|
Sponsored Content
Operating Systems
AIX
LDAP over SSL with secldapclntd
Post 302314395 by funksen on Friday 8th of May 2009 07:52:15 AM
05-08-2009
ok so I don't have to analyse the tcpdump, hate that 
you could close port 389 on your ldap-server, so there is no way to send unencrypted information
you could close port 389 on your ldap-server, so there is no way to send unencrypted information
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Has anyone managed to get LDAP to use SSL on AIX 5.2. I have managed to get the server running but not the client or any client. (0 Replies)
Discussion started by: truma1
0 Replies
2. UNIX for Advanced & Expert Users
Can someone explain the difference between the two. Thanks (1 Reply)
Discussion started by: jerardfjay
1 Replies
3. UNIX for Dummies Questions & Answers
i have configured Squid proxy server in Fedora 8 with two network interfaces.
HTTP, HTTPS, FTP are working fine but we are unable to download mails using mail clients from mail server with POP3(ssl) and SMTP(ssl).
so please someone help us how to enable pop and smtp in Squid. (1 Reply)
Discussion started by: praneel2k
1 Replies
4. Web Development
I have interesting problem.
https:/host/some/x.cgi
- this script has run twice when I call this url
But
http:/host/some/x.cgi
work fine, only once.
Output is text/plain.
If I change output format to the Content-type text/html,
then both urls works fine - executed only once. (2 Replies)
Discussion started by: kshji
2 Replies
5. UNIX for Advanced & Expert Users
Hey Guys,
I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies
6. UNIX for Advanced & Expert Users
Hi
I am searching a tool like "LDAP Administrator 2011.1"/ "LDAP-SQL" but for the CLI.
Wish to use LDAP-SQL in scripts (non Windows GUI environment)
http://ldapadministrator.com/resources/english/2011.1/images/sqlquery_large.png
Softerra LDAP Administrator 2011.1 - What's New
OS is... (2 Replies)
Discussion started by: slashdotweenie
2 Replies
7. AIX
Hi folks,
How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL?
It works like a charm without TLS/SSL.
i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies
8. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
9. Linux
Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website!
please advise if I missed any concept / configs... Thank you!
httpd.conf
<VirtualHost *:80>
ServerName www.my-site.com
ServerAdmin... (0 Replies)
Discussion started by: ashokvpp
0 Replies
LEARN ABOUT MOJAVE
dsconfigldap
dsconfigldap(1) BSD General Commands Manual dsconfigldap(1) NAME
dsconfigldap -- LDAP server configuration/binding add/remove tool. SYNOPSIS
dsconfigldap [-fvixsgmeSN] -a servername [-n configname] [-c computerid] [-u username] [-p password] [-l username] [-q password] dsconfigldap [-fviSN] -r servername [-u username] [-p password] [-l username] [-q password] options: -f force authenticated binding/unbinding -v verbose logging to stdout -i prompt for passwords as required -x choose SSL connection -s enforce secure authentication only -g enforce packet signing security policy -m enforce man-in-middle security policy -e enforce encryption security policy -S do not update search policies -N do not prompt about adding certificates -h display usage statement -a servername add config of servername -r servername remove config of servername -n configname name given to LDAP server config -c computerid name used if binding to directory -u username privileged network username -p password privileged network user password -l username local admin username -q password local admin password DESCRIPTION
dsconfigldap allows addition or removal of LDAP server configurations. Presented below is a discussion of possible parameters. Usage has three intents: add server config, remove server config, or display help. Options list and their descriptions: -f Bindings will be established or dropped in conjunction with the addition or removal of the LDAP server configuration. -v This enables the logging to stdout of the details of the operations. This can be redirected to a file. -i You will be prompted for a password to use in conjunction with a specified username. -s This ensures that no clear text passwords will be sent to the LDAP server during authentication. This will only be enabled if the server supports non-cleartext methods. -e This ensures that if the server is capable of supporting encryption methods (i.e., SSL or Kerberos) that encryption will be enforced at all times via policy. -m This ensures that man-in-the-middle capabilities will be enforced via Kerberos, if the server supports the capability. -g This ensures that packet signing capabilities will be enforced via Kerberos, if the server supports the capability. -x Connection to the LDAP server will only be made over SSL. -S Will skip updating the search policies. -N Will assume Yes for installing certificates -h Display usage statement. -a servername This is either the fully qualified domain name or correct IP address of the LDAP server to be added to the DirectoryService LDAPv3 configuration. -r servername This is either the fully qualified domain name or correct IP address of the LDAP server to be removed from the DirectoryService LDAPv3 configuration. -n configname This is the UI configuration label that is to be given the LDAP server configuration. -c computerid This is the name to be used for directory binding to the LDAP server. If none is given the first substring, before a period, of the hostname (the defined environment variable "HOST") is used. -u username Username of a privileged network user to be used in authenticated directory binding. -p password Password for the privileged network user. This is a less secure method of providing a password, as it may be viewed via process list. For stronger security leave the option off and you will be prompted for a password. -l username Username of a local administrator. -q password Password for the local administrator. This is a less secure method of providing a password, as it may be viewed via process list. For stronger security leave the option off and you will be prompted for a password. EXAMPLES
dsconfigldap -a ldap.company.com The LDAP server config for the LDAP server myldap.company.com will be added. If authenticated directory binding is required by the LDAP server, then this call will fail. Otherwise, the following parameters configname, computerid, and local admin name will respectively pick up these defaults: ip address of the LDAP servername, substring up to first period of fully qualified hostname, and username of the user in the shell this tool was invoked. dsconfigldap -r ldap.company.com The LDAP server config for the LDAP server myldap.company.com will be removed but not unbound since no network user credentials were sup- plied. The local admin name will be the username of the user in the shell this tool was invoked. SEE ALSO
opendirectoryd(8), odutil(1) Mac OS April 24 2010 Mac OS