[CentOS] LDAP + SSL

Mon Mar 5 17:47:58 UTC 2007
Jim Perrin <jperrin at gmail.com>

On 3/5/07, Alexander Lopez <zepolar at gmail.com> wrote:
> Hi everybody
> I have set up my LDAP server. But I created a certificate with the
> following command:
> cd /usr/share/ssl/certs; make ldap.pem
> Then I edited the slapd.conf file and inserted the following lines:
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
> TLSCertificateFile /usr/share/ssl/certs/ldap.pem
> TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem
> I restarted the service. Then I ran the authconfig command and selected LDAP
> with TLS. I reviewed the LDAP server logs, which showed the following:
> Mar  5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from
> IP=172.16.12.160:33935 (IP=0.0.0.0:389 )
> Mar  5 11:54:38 eucalipto slapd[711]: conn=13 op=0 STARTTLS
> Mar  5 11:54:38 eucalipto slapd[711]: conn=13 op=0 RESULT oid= err=0 text=
> Mar  5 11:54:39 eucalipto slapd[711]: conn=13 fd=14 closed (TLS negotiation
> failure)
> I need your help.

Add the following to /etc/openldap/ldap.conf
TLS_REQCERT allow


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
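
As an added example (not part of the original thread), this Python script picks out the pattern visible in the quoted slapd log: a connection that issues STARTTLS, receives err=0 for the extended operation, and is then closed with "TLS negotiation failure" during the handshake itself. The function name and the conn=14 lines are constructed for illustration; the conn=13 lines are the ones from the post, re-joined onto single lines.

```python
import re

# Constructed sample: conn=13 is the exchange from the post (mail-wrapped
# lines re-joined); conn=14 is an invented connection that succeeds.
SAMPLE_LOG = """\
Mar  5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP=172.16.12.160:33935 (IP=0.0.0.0:389 )
Mar  5 11:54:38 eucalipto slapd[711]: conn=13 op=0 STARTTLS
Mar  5 11:54:38 eucalipto slapd[711]: conn=13 op=0 RESULT oid= err=0 text=
Mar  5 11:54:39 eucalipto slapd[711]: conn=13 fd=14 closed (TLS negotiation failure)
Mar  5 11:55:02 eucalipto slapd[711]: conn=14 fd=15 ACCEPT from IP=172.16.12.161:40112 (IP=0.0.0.0:389 )
Mar  5 11:55:02 eucalipto slapd[711]: conn=14 op=0 STARTTLS
Mar  5 11:55:02 eucalipto slapd[711]: conn=14 op=0 RESULT oid= err=0 text=
Mar  5 11:55:03 eucalipto slapd[711]: conn=14 op=1 BIND dn="" method=128
Mar  5 11:55:03 eucalipto slapd[711]: conn=14 fd=15 closed
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([0-9.]+):\d+")
STARTTLS = re.compile(r"\bop=\d+ STARTTLS\b")
CLOSED = re.compile(r"closed(?: \((.*)\))?\s*$")

def failed_starttls(log_text):
    """Return [(conn, client_ip, reason)] for connections that sent STARTTLS
    and were then closed with a TLS negotiation failure."""
    conns = {}      # per-connection state, keyed by slapd's conn= id
    failures = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        state = conns.setdefault(conn, {})
        if (a := ACCEPT.search(rest)):
            state["client"] = a.group(1)
        elif STARTTLS.search(rest):
            state["starttls"] = True
        elif (c := CLOSED.search(rest)):
            reason = c.group(1) or ""
            if state.get("starttls") and "TLS negotiation failure" in reason:
                failures.append((conn, state.get("client", "?"), reason))
            conns.pop(conn, None)  # drop state once the connection is closed
    return failures

if __name__ == "__main__":
    for conn, client, reason in failed_starttls(SAMPLE_LOG):
        print(f"conn={conn} client={client}: {reason}")
```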