Full Discussion: TLS/SSL Openldap Centos 5.5
Post 302490840 by karlochacon on Tuesday 25th of January 2011 09:02:48 PM
TLS/SSL Openldap Centos 5.5

hi guys

I configured my openldap but now I want to implement SSL-TLS

This is my basic slapd.conf configuration

Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=training,dc=com"
rootdn          "cn=manager,dc=training,dc=com"
rootpw          --Removed--
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
access to attrs=userPassword,shadowLastChange
 by self write
 by anonymous auth
 by dn="cn=manager,dc=training,dc=com" write
 by * none
access to *
 by self write
 by dn="cn=manager,dc=training,dc=com" write
 by * read

And I created this script (simple, I know) to create this TLS/SSL config, but it won't work; users cannot log in.

path when I am moving certs /etc/openldap/cacerts
Code:
service ldap stop
cd /etc/openldap/
openssl genrsa -out server_key.pem 2048
chmod 440 server_key.pem
chown root.ldap server_key.pem
openssl req -new -key server_key.pem -x509 -days 3650 -out clients_cert.pem

chmod 444 clients_cert.pem
mv server_key.pem cacerts/
mv clients_cert.pem cacerts/

echo "TLSCertificateFile /.../clients_cert.pem" >> /.../slapd.conf

echo "TLSCertificateKeyFile /.../server_key.pem" >> /.../slapd.conf

echo "TLSCipherSuite HIGH" >> /...p/slapd.conf

echo "security ssf=128" >>  /.../slapd.conf
service ldap start
echo "Copying Files to LDAP Client Centos2"
rsync -av ./cacerts/clients_cert.pem centos2:/.../cacerts

As you see, I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy the cert to a client PC.

On client side
I use authconfig-tui
[x] Use LDAP
[x] Use LDAP Authentication
[x] Use TLS
Server: ldap://192.168.x.x
Base DN: dc=training,dc=com/

My environment is Centos 5.5

What is wrong with my config?
Any idea? Something I am missing?
Thanks a lot
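The setup in the post has two halves that must agree: the slapd.conf directives on the server and the values typed into authconfig-tui on the client. The following is an added example, not code from the poster and not part of OpenLDAP; the function names are hypothetical and the sample values (the client IP 192.168.1.10, the trimmed slapd.conf) are constructed to mirror the post. It parses the server config and runs the offline checks a practitioner would do before touching the box: that TLSCertificateFile/TLSCertificateKeyFile are set at all, that a `security ssf=128` server is only ever talked to over StartTLS or ldaps (it refuses plaintext binds), that a client connecting to an IP literal is flagged because libldap, under its default TLS_REQCERT demand, compares the peer name against the certificate, and that the client base DN lies under the server suffix after a normalization step modelled on what `slapdn -N` does (escaped commas respected, case folded, whitespace trimmed).

```python
"""Offline consistency checks for an OpenLDAP StartTLS setup: the server's
slapd.conf against the settings given to the client.  Added example with
hypothetical helper names; not OpenLDAP tooling."""
import ipaddress
import re

# Constructed sample: the slapd.conf lines that matter once the TLS lines are appended
SLAPD_CONF = """\
suffix          "dc=training,dc=com"
rootdn          "cn=manager,dc=training,dc=com"
TLSCertificateFile /etc/openldap/cacerts/clients_cert.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server_key.pem
TLSCipherSuite HIGH
security ssf=128
"""

# Constructed sample: what authconfig-tui was fed on the client (the IP is made up)
CLIENT = {"uri": "ldap://192.168.1.10", "base": "dc=training,dc=com/", "use_tls": True}


def parse_slapd_conf(text):
    """Map each 'directive value' line to {directive_lower: value}; quotes and comments dropped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip().strip('"')
    return conf


def split_dn(dn):
    """Split a string DN into RDNs on commas that are not backslash-escaped (RFC 4514)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return rdns


def normalize_dn(dn):
    """Case-fold types and values and trim whitespace, roughly what slapdn -N does for dc/cn.
    Raises ValueError on an RDN with no '=' (e.g. the empty component left by a double comma)."""
    out = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out


def dn_within_suffix(base_dn, suffix):
    """True if base_dn equals the suffix or lies beneath it (suffix RDNs are base_dn's tail)."""
    base, suf = normalize_dn(base_dn), normalize_dn(suffix)
    return len(base) >= len(suf) and base[-len(suf):] == suf


def uri_host(uri):
    """Host part of an ldap:// or ldaps:// URI, without the port."""
    m = re.match(r"ldaps?://([^/:]+)", uri)
    return m.group(1) if m else ""


def check_setup(slapd_text, client):
    """Return a list of findings; an empty list means the two sides agree."""
    conf = parse_slapd_conf(slapd_text)
    findings = []
    for directive in ("tlscertificatefile", "tlscertificatekeyfile"):
        if directive not in conf:
            findings.append("server: %s is not set, so StartTLS cannot be offered" % directive)
    m = re.search(r"ssf=(\d+)", conf.get("security", ""))
    ssf = int(m.group(1)) if m else 0
    uses_tls = client["use_tls"] or client["uri"].startswith("ldaps://")
    if ssf > 0 and not uses_tls:
        findings.append("client: server requires ssf=%d but the client binds in plaintext" % ssf)
    host = uri_host(client["uri"])
    try:
        ipaddress.ip_address(host)
        findings.append("client: connects to IP literal %s; the server cert CN/SAN must name it" % host)
    except ValueError:
        pass  # a hostname, checked against the cert the usual way
    suffix = conf.get("suffix")
    if suffix is None:
        findings.append("server: no suffix directive")
    else:
        try:
            if not dn_within_suffix(client["base"], suffix):
                findings.append("client: base DN %r is outside suffix %r" % (client["base"], suffix))
        except ValueError as exc:
            findings.append("client: base DN is malformed (%s)" % exc)
    return findings


if __name__ == "__main__":
    for finding in check_setup(SLAPD_CONF, CLIENT) or ["no findings"]:
        print(finding)
```

Run against the constructed sample it reports the IP-literal peer name and the base DN `dc=training,dc=com/`, whose last RDN normalizes to `dc=com/` and so never matches the suffix. One thing the script cannot see offline is the client trust store: a self-signed server certificate has to be trusted by the client as a CA, either by pointing the client's `tls_cacertfile` at the copied file or, when a `tls_cacertdir` is used, by adding the hash-named link OpenSSL looks up in that directory (`openssl x509 -hash -noout -in clients_cert.pem` gives the name, `c_rehash` does it for the whole directory).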
SLAPDN(8C)

NAME
       slapdn - Check a list of string-represented LDAP DNs based on schema syntax

SYNOPSIS
       /usr/sbin/slapdn [-d debug-level] [-f slapd.conf] [-F confdir] [-N|-P] [-o option[=value]] [-v] DN [...]

DESCRIPTION
       Slapdn is used to check the conformance of a DN based on the schema defined in slapd(8) and that loaded via slapd.conf(5). It opens the slapd.conf(5) configuration file or the slapd-config(5) backend, reads in the schema definitions, and then parses the DN list given on the command-line.

OPTIONS
       -d debug-level
              enable debugging messages as defined by the specified debug-level; see slapd(8) for details.

       -f slapd.conf
              specify an alternative slapd.conf(5) file.

       -F confdir
              specify a config directory. If both -f and -F are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, an attempt to read the default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored.

       -N     only output a normalized form of the DN, suitable to be used in a normalization tool; incompatible with -P.

       -o option[=value]
              Specify an option with a(n optional) value. Possible generic options/values are:
                     syslog=<subsystems>   (see `-s' in slapd(8))
                     syslog-level=<level>  (see `-S' in slapd(8))
                     syslog-user=<user>    (see `-l' in slapd(8))

       -P     only output a prettified form of the DN, suitable to be used in a check and beautification tool; incompatible with -N.

       -v     enable verbose mode.

EXAMPLES
       To check a DN give the command:

              /usr/sbin/slapdn -f //etc/openldap/slapd.conf -v DN

SEE ALSO
       ldap(3), slapd(8), slaptest(8)
       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.39                          2014/01/26                          SLAPDN(8C)