Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users ldap over tls -- ssl cert help
# 1  
Old 02-08-2012
ldap over tls -- ssl cert help
Hey Guys,
I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get them to use the tls connection. Do I need to create an nss db on the client and import the server cert? Or what is the proper procedure to do this? I am not an expert with SSL certs and certutil but I am working on it Smilie.

Thanks,
Shaun
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

2. UNIX for Dummies Questions & Answers

Finding SSL Cert Info

How do I find out the SSL cert info on the local server? How do I know if an ssl cert is installed on local server? How it was issued to? Who was the issuer? What's the expiration date? Any other relevant information? (1 Reply)
Discussion started by: scj2012
1 Replies

3. Shell Programming and Scripting

Script which will validate SSL cert with key

Hi, I am trying to find the script which will ask for SSL Cert and Key file name/path. The output of both should be matched and compared. If the output are same than the script final output should be Certificate Matches and if it doesn't than Output don't match. Is there any way we can create... (0 Replies)
Discussion started by: SachinD
0 Replies

4. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

5. Red Hat

HOW TO DISABLE SSL/TLS RENEGOTIATION?

Hi guys, Those who work on Apache may help me on this. I have following problem Description: The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the... (3 Replies)
Discussion started by: manalisharmabe
3 Replies

6. UNIX for Dummies Questions & Answers

TLS/SSL Openldap Centos 5.5

hi guys I configured my openldap but now I want to implement SSL-TLS This is my basic slapd.conf configuration include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include ... (2 Replies)
Discussion started by: karlochacon
2 Replies

7. UNIX for Dummies Questions & Answers

Implementing TLS with Sendmail and having problem with cert request

Hi. One of my company's customers requires mails to be sent to them to use TLS. Thanks to some good documentation on the web, I've got this mostly figured out, but now I'm stuck at generating the CSR. My company's mail domain is sg.bunny.com (not real address, obviously), but the email gateway... (0 Replies)
Discussion started by: pierreery
0 Replies

8. Cybersecurity

TLS/SSL vulnerability explained

Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies

9. UNIX for Dummies Questions & Answers

Secure ftp using ssl/tls

We have a requirement to setup secure ftp between our AIX v5.3 system and our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp on... (4 Replies)
Discussion started by: DANNYC
4 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

lwp::protocol::ldap

LWP::Protocol::ldap(3)					User Contributed Perl Documentation				    LWP::Protocol::ldap(3)

NAME

       LWP::Protocol::ldap - Provide LDAP support for LWP::UserAgent

SYNOPSIS

	 use LWP::UserAgent;

	 $ua = LWP::UserAgent->new();
	 $res = $ua->get('ldap://ldap.example.com/' .
			 'o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)',
			  Accept => 'text/json'):

DESCRIPTION

       The LWP::Protocol::ldap module provides support for using ldap schemed URLs following RFC 4516 with LWP.  This module is a plug-in to the
       LWP protocol handling, so you don't use it directly.

       In addition to being used with LDAP URIs, LWP::Protocol::ldap also acts as the base class for its sibling modules LWP::Protocol::ldaps and
       LWP::Protocol::ldapi.

   Features
       HTTP methods supported

       LWP::Protocol::ldap implements the HTTP GET and HEAD methods.  They are mapped to the LDAP search operation,

       Response format

       Depending on the HTTP Accept header provided by the user agent, LWP::Protocol::ldap can answer the requests in one of the following
       formats:

       DSML
	   When the HTTP Accept header contains the "text/dsml" MIME type, the response is sent as DSMLv1.

       JSON
	   When the HTTP Accept header contains the "text/json" MIME type, the response is sent as JSON.  For this to work the JSON Perl module
	   needs to be installed.

       LDIF
	   When the HTTP Accept header contains the "text/ldif" MIME type, the response is sent in LDIFv1 format.

       HTML
	   In case no HTTP Accept header has been sent or none of the above MIME types can be detected, and the x-format extension has not been
	   provided either, the response is sent using HTML markup in a 2-column table format (roughly modeled on LDIF).

       As an alternative to sending an HTTP Accept header, LWP::Protocol::ldap also accepts the "x-format" extension

       Example:

	ldap://ldap.example.com/o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)?x-format=dsml

       TLS support

       For ldap and ldapi URIs, the module implements the "x-tls" extension that switches the LDAP connection to TLS using a call of the start_tls
       method.

       Example:

	ldap://ldap.example.com/o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)?x-tls=1

       Note: In the above example, ideally giving "x-tls" should be sufficient, but unfortunately the parser in URI::ldap has a little flaw.

       Authorization

       Usually the connection is done anonymously, but if the HTTP Authorization header is provided with credentials for HTTP Basic authorization,
       the credentials given in that header will be used to do a simple bind to the LDAP server.

SEE ALSO

       LWP::Protocol::ldaps, LWP::Protocol::ldapi

COPYRIGHT

       Copyright (c) 1998-2004 Graham Barr, 2012 Peter Marschall.  All rights reserved.  This program is free software; you can redistribute it
       and/or modify it under the same terms as Perl itself.

perl v5.16.3							    2013-06-08						    LWP::Protocol::ldap(3)