TLS/SSL Openldap Centos 5.5


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers TLS/SSL Openldap Centos 5.5
# 1  
Old 01-25-2011
TLS/SSL Openldap Centos 5.5

hi guys

I configured my openldap but now I want to implement SSL-TLS

This is my basic slapd.conf configuration

Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=training,dc=com"
rootdn          "cn=manager,dc=training,dc=com"
rootpw          --Removed--
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
access to attrs=userPassword,shadowLastChange
 by self write
 by anonymous auth
 by dn="cn=manager,dc=training,dc=com" write
 by * none
access to *
 by self write
 by dn="cn=manager,dc=training,dc=com" write
 by * read

And I created this script (simple I know) to create this TLS/SSL Config but it won't work users cannot login

path when I am moving certs /etc/openldap/cacerts
Code:
service ldap stop
cd /etc/openldap/
openssl genrsa -out server_key.pem 2048
chmod 440 server_key.pem
chown root.ldap server_key.pem
openssl req -new -key server_key.pem -x509 -days 3650 -out clients_cert.pem

chmod 444 clients_cert.pem
mv server_key.pem cacerts/
mv clients_cert.pem cacerts/

echo "TLSCertificateFile /.../clients_cert.pem" >> /.../slapd.conf

echo "TLSCertificateKeyFile /.../server_key.pem" >> /.../slapd.conf

echo "TLSCipherSuite HIGH" >> /...p/slapd.conf

echo "security ssf=128" >>  /.../slapd.conf
service ldap start
echo "Copying Files to LDAP Client Centos2"
rsync -av ./cacerts/clients_cert.pem centos2:/.../cacerts

As you see I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy thecer to a client PC

On client side
I use authconfig-tui
[x] Use LDAP
[x] Use LDAP Authentication
[x] Use TLS
Server: ldap://192.168.x.x
Base DN: dc=training,dc=com/

My environment is Centos 5.5

what is wrong on my config?
any idea? Something I am missing?
thanks a lotn
# 2  
Old 01-27-2011
any one has an idea guys?
or is not really important to configure TLS for my openldap?

thanks a lot
# 3  
Old 02-02-2011
I am including a new configuration in a PDF
so you can take a look (attached)
thanks a lot
 
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

2. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

3. Shell Programming and Scripting

SSH shell script to access FTP over explicit TLS/SSL

Hello, I use the following SSH script to upload *.jpg files via FTP: #!/usr/bin/expect set timeout -1 spawn ftp -v -i expect "" send "\r" expect "Password:" send "\r" expect "ftp>" send "mput *.jpg\r" expect "ftp>" send "quit\r" replaced with actual ftp server/account data. ... (5 Replies)
Discussion started by: mrpi007
5 Replies

4. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

5. Red Hat

HOW TO DISABLE SSL/TLS RENEGOTIATION?

Hi guys, Those who work on Apache may help me on this. I have following problem Description: The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the... (3 Replies)
Discussion started by: manalisharmabe
3 Replies

6. Linux

SSL/TLS uses the public key to encrypt data ?

Hi, I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it. I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Discussion started by: chaitus.28
2 Replies

7. Cybersecurity

TLS/SSL vulnerability explained

Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies

8. UNIX for Dummies Questions & Answers

Secure ftp using ssl/tls

We have a requirement to setup secure ftp between our AIX v5.3 system and our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp on... (4 Replies)
Discussion started by: DANNYC
4 Replies
Login or Register to Ask a Question