[CentOS] securing ldap with tls and security

Tue May 24 20:56:28 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

David Mehler wrote:
> Hello,
> I'm trying to set up a CentOS 5.3 machine to do authentication via
> openldap. I've got it working, I'm not sure if I have it 100% right,
> but I can use ldapsearch to query the directory, use finger, id,
> chown, and other utilities with ldap usernames and groups, log in via
> ssh as an ldap user and if it's a new user automatically have the home
> directory created.
> Having got this far, if anyone with a working ldap authentication
> system could give my config a sanity check, let me know. My goal now is
> to get tls encryption going so that usernames and passwords aren't
> sent in the clear. I'm using self-signed certificates for now.

First, I suspect you'll get a ton of replies saying that you should
upgrade to 5.6 from 5.3.

Second, you've gotten that far; when I was dealing with openldap, I rather
liked webmin to do my sanity checks for it.