[CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

Paul Heinlein heinlein at madboa.com
Thu Oct 7 17:05:58 UTC 2010

On Thu, 7 Oct 2010, Mathieu Baudier wrote:

>> You can also use StartTLS over the network and LDAPI (connection 
>> over Unix sockets, which are inherently secure) for apps running on 
>> the server. I use it, both with OpenLDAP and 389 Directory Server 
>> (a.k.a. Fedora DS, Red Hat DS).
> Unfortunately, I have a whole LAN whose user/group/auth management 
> is centralized with LDAP (each server having different apps). So I 
> need plain LDAP access on the LAN.

One possible solution is to have the main LDAP server addressable only 
via STARTTLS and a non-SSL, read-only slave on a different host that's 
visible only to your LAN.

Read up on the "syncrepl" directive for use in slapd.conf.

The slave could even exist in a VM hosted on the main LDAP server, 
since it's a very lightweight service.

Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

More information about the CentOS mailing list