[FC3] LDAP Authentication
Craig White
craigwhite at azapple.com
Wed Dec 8 05:30:55 UTC 2004
On Tue, 2004-12-07 at 15:32 -0600, Brian Fahrlander wrote:
> I have/had LDAP Authentication working under RH9, but it's time to
> upgrade. Some changes have been made; SSL is now used by default, and I
> don't have any background on how to set up the certs (for example).
>
> Does anyone know of a contemporary ldap howto, with FC3 in mind?
> Google sure doesn't.
>
----
I seriously doubt that ssl is involved at all. I suspect you are
confusing it with TLS.

My notes for generating certs...
(I edit /usr/share/ssl/openssl.conf first)

cd /usr/share/ssl/certs
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.cert
openssl genrsa -out ldap.key 1024
openssl req -new -key ldap.key -out ldap.csr
openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \
-CAkey ca.key -CAcreateserial -days 3650
mkdir /etc/ssl
cp ca.cert /etc/ssl
cp ldap* /etc/ssl

Then I use the following in /etc/openldap/slapd.conf

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ssl/ldap.cert
TLSCertificateKeyFile /etc/ssl/ldap.key
TLSCACertificateFile /etc/ssl/ca.cert

YMMV

Craig
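
Added example, not part of Craig's message: a shell check to run over a CA/server certificate set like the one above before slapd is pointed at it. It confirms that the server cert chains to the CA, that the key matches the cert, and that the key is not group/world readable. The function names, the temporary directory and the subject names are assumptions of this example; the demo keys are 2048-bit and unencrypted so the script runs without prompts.

```sh
#!/bin/sh
# Added example; every path and name below is constructed for the demo.

# make_demo DIR: non-interactive equivalent of the CA + server cert steps,
# written into DIR instead of /usr/share/ssl/certs.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.cert" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/ldap.key" -out "$d/ldap.csr" 2>/dev/null
    openssl x509 -req -in "$d/ldap.csr" -out "$d/ldap.cert" -CA "$d/ca.cert" \
        -CAkey "$d/ca.key" -CAcreateserial -days 30 2>/dev/null
    chmod 600 "$d/ldap.key"
}

# check_tls_files CA_CERT SERVER_CERT SERVER_KEY
# Prints OK and returns 0 only if the cert verifies against the CA, the
# private key belongs to the cert, and the key has no group/other permissions.
check_tls_files() {
    ca=$1 cert=$2 key=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    # Compare digests of the public key taken from the cert and from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key/cert match: FAIL"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "key permissions: FAIL"; return 1; }
    echo "OK"
}

tmp=$(mktemp -d)
make_demo "$tmp"
check_tls_files "$tmp/ca.cert" "$tmp/ldap.cert" "$tmp/ldap.key"
rm -rf "$tmp"
```

On a real server the call would be check_tls_files /etc/ssl/ca.cert /etc/ssl/ldap.cert /etc/ssl/ldap.key, run before restarting slapd.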