I have set up the AIX LDAP client on AIX 5.3.9 and it's working fine, using the descriptions in the Redbook for implementing LDAP in a heterogeneous environment.
I added SSL encryption to the LDAP client daemon's config and created a key-db and imported a signed certificate from our CA.
When I use ldapsearch with SSL and watch the traffic with tcpdump, everything is encrypted as it is supposed to be.
When issuing lsldap, the traffic is encrypted too.
When I try to log in with an LDAP-only account, I can get on the system without problems, but the traffic is not encrypted at all. I can see everything unencrypted in the tcpdump output.
I tried a lot of different settings, but without success. Here is my current ldap.cfg:
I can't see what I am missing or have set up wrong. I checked many sites about the topic, but none of them gives more information than the Redbook already does. Thanks a lot for any hint.
The LDAP encryption just encrypts the communication to the LDAP server, like authentication, user/group information, ldapsearch.
That's just what it seems not to do when I do an ssh login with an LDAP based account. But I guess I found out what's going wrong, since there is a shell script being called doing an ldapsearch to sort out different loginshells based on ldapgroups etc.
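A way to check the capture the way the poster did, as an added example that is not part of the thread: it reads tcpdump lines and summarises new LDAP sessions by destination port, so a session going to the cleartext port (389, or the service name "ldap") stands out from the SSL ones (636 / "ldaps"). The sample capture, host names and ports are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread: summarise LDAP sessions seen by tcpdump
# by destination port, so an unencrypted session (389 / "ldap") stands out
# from the SSL sessions (636 / "ldaps") that secldapclntd and ldapsearch -Z use.
# Only TCP SYN packets without ACK are counted, i.e. one line per new session.

# Constructed sample of tcpdump output. Without -n, tcpdump prints the service
# name instead of the port number, so both forms appear here.
SAMPLE_CAPTURE='10:01:00.000 IP aixhost.45001 > ldapsrv.ldaps: Flags [S], seq 1
10:01:00.002 IP ldapsrv.ldaps > aixhost.45001: Flags [S.], seq 2, ack 2
10:01:00.500 IP aixhost.45001 > ldapsrv.ldaps: Flags [P.], seq 2:100
10:01:05.000 IP aixhost.45002 > ldapsrv.389: Flags [S], seq 3
10:01:05.001 IP ldapsrv.389 > aixhost.45002: Flags [S.], seq 4, ack 4
10:01:07.000 IP aixhost.45003 > ldapsrv.636: Flags [S], seq 5'

# Reads capture lines on stdin; prints "cleartext=N ssl=M" followed by the
# client source port of every cleartext session, so the process that opened
# it can be traced (e.g. with netstat -an while the login runs).
summarise_ldap_sessions() {
    awk '
    /Flags \[S\]/ {
        # $3 is "src.port", $5 is "dst.port:"; drop the colon, take the last
        # dot-separated component of each as the port (number or service name)
        src = $3; dst = $5; sub(/:$/, "", dst)
        n = split(dst, d, "."); dport = d[n]
        n = split(src, s, "."); sport = s[n]
        if (dport == "389" || dport == "ldap") { clear++; ports = ports " " sport }
        else if (dport == "636" || dport == "ldaps") { ssl++ }
    }
    END { printf "cleartext=%d ssl=%d%s\n", clear, ssl, ports }'
}

# Stand-alone run on the constructed sample; for a live check, feed a bounded
# capture instead, e.g.: tcpdump -n -c 200 port 389 or port 636 | summarise_ldap_sessions
printf '%s\n' "$SAMPLE_CAPTURE" | summarise_ldap_sessions
```

In the sample, the summary reports one cleartext session from source port 45002, which is the kind of session the login-time script in the post would produce when it runs ldapsearch without SSL.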
Hi,
I just got another question on LDAP over SSL:
On Linux you can configure in ldap.cfg with "TLS_REQCERT = allow" that any CA is accepted. Is there any option to do that on AIX? I checked all possible options /etc/security/ldap/ldap.cfg and didn't find one that might be similar to that mentioned above on Linux.
The goal is to bypass the CA certificates that expire in 2 years, causing an update etc. on more than 100 servers. We want to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.