SCIENTIFIC-LINUX-DEVEL Archives

July 2006

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: Chris Hunter <[log in to unmask]>
Reply To: Chris Hunter <[log in to unmask]>
Date: Thu, 6 Jul 2006 20:39:02 -0400
I had to build the nss_ldap-226-10 rpm package from source for TLS to
work. I downloaded the source rpm from rpm.pbone.net (couldn't find it
at ftp.scientificlinux.org).

Here is what I did to enable TLS with ldap:

edit /etc/ldap.conf

-comment line:
host myldapserver:389

-comment line:
ssl start_tls

-append lines:
uri ldaps://myldapserver
ssl on

edit /etc/openldap/ldap.conf
-append line (I have a self-signed cert):
TLS_REQCERT  allow

The nss_ldap package uses the config file /etc/ldap.conf, but the openssl
library looks at /etc/openldap/ldap.conf.

-- 
Chris Hunter
Systems Programmer
Department of Astronomy, Yale University
[log in to unmask]


Quoting Matt Cuttler <[log in to unmask]>:

>
> Chris Hunter wrote:
>> Hi,
>>
>> Does anyone know if the nss_ldap rpm package in SL4x (nss_ldap-226-10)
>> is compiled with ssl support ?
>
> Chris,
>
> I have some production machines, actively used, where the accounts are
> stored in LDAP. The machines are RHEL4u3.
>
> The ldap.conf specifies a URI which uses the 'alternate port' of 636 aka
> ldaps. I'd imagine that STARTTLS on port 389 would work just as well,
> but I haven't tried it.
>
>
> I can give you more specifics if you need..
>
>
> -Matt Cuttler
>
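A caveat on the recipe above: TLS_REQCERT allow tells the OpenLDAP client
library to proceed even when the server presents a bad or unverifiable
certificate, so the session is encrypted but the server is never
authenticated, and anyone who can redirect port 636 can impersonate it.
The POSIX shell script below is an added example, not code from the
original post or from the nss_ldap project. It audits the two files the
post edits for exactly that condition and shows the corrected setting:
point TLS_CACERT at the self-signed certificate (which is its own CA) and
leave TLS_REQCERT at demand. The hostname myldapserver, the path
/etc/openldap/cacerts/myldapserver.pem and the sample files written by
write_samples are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits whether an nss_ldap
# client actually verifies the LDAP server's certificate. Hostnames, paths
# and the sample files below are constructed for illustration.

# Effective transport from nss_ldap's /etc/ldap.conf:
# "ssl start_tls" -> STARTTLS on 389; "ssl on" or "uri ldaps://" -> LDAPS on 636.
ldap_tls_mode() {
    if grep -Eiq '^[[:space:]]*ssl[[:space:]]+start_tls' "$1"; then
        echo starttls
    elif grep -Eiq '^[[:space:]]*(ssl[[:space:]]+on|uri[[:space:]]+ldaps://)' "$1"; then
        echo ldaps
    else
        echo plain
    fi
}

# Effective TLS_REQCERT from the OpenLDAP client file /etc/openldap/ldap.conf.
# OpenLDAP defaults to "demand" when the directive is absent; last one wins.
cert_check_mode() {
    v=$(awk 'tolower($1)=="tls_reqcert"{print tolower($2)}' "$1" | tail -n 1)
    echo "${v:-demand}"
}

# Whether a CA (file or directory) is configured for the library to verify against.
has_cacert() {
    grep -Eiq '^[[:space:]]*tls_cacert(dir)?[[:space:]]+' "$1"
}

# Returns 0 only if the transport is encrypted AND the server certificate is
# checked against a configured CA. "allow" (as in the post), "try" and "never"
# let any certificate through, including an attacker's.
verified_ldap_tls() {
    [ "$(ldap_tls_mode "$1")" != plain ] || return 1
    case "$(cert_check_mode "$2")" in demand|hard) ;; *) return 1 ;; esac
    has_cacert "$2"
}

# Constructed sample configs in directory $1 (hypothetical host myldapserver).
write_samples() {
    d=$1
    # nss_ldap side, as in the post
    printf 'uri ldaps://myldapserver\nssl on\n' >"$d/ldap.conf"
    # Client library side, as in the post: self-signed cert waved through
    printf 'TLS_REQCERT  allow\n' >"$d/openldap-weak.conf"
    # Corrected: trust the self-signed cert explicitly and require a match
    printf 'TLS_CACERT /etc/openldap/cacerts/myldapserver.pem\nTLS_REQCERT demand\n' \
        >"$d/openldap-fixed.conf"
}

main() {
    d=$(mktemp -d)
    write_samples "$d"
    for c in weak fixed; do
        if verified_ldap_tls "$d/ldap.conf" "$d/openldap-$c.conf"; then
            echo "$c: server certificate is verified"
        else
            echo "$c: encrypted but NOT verified (impersonation possible)"
        fi
    done
    rm -rf "$d"
}

main
```

To audit a real host, call verified_ldap_tls /etc/ldap.conf
/etc/openldap/ldap.conf instead of the sample files. The same reasoning
applies to STARTTLS on 389: the port does not matter, only whether the
certificate is checked against a CA you configured.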
