[CentOS] CentOS7: Setting up ldap over TLS in kickstart file
Gordon Messmer
gordon.messmer at gmail.com
Thu Jun 14 23:21:09 UTC 2018

On 06/14/2018 01:01 AM, Patrick Begou wrote:
> In my kickstart file I use:
> auth --useshadow --enableldaptls --enablecache --passalgo=sha512
> --enableldap --enableldapauth --ldapserver="ldaps://my.ldap.server.fr"
> --ldapbasedn=dc=my,dc=base,dc=dn
>
> Then in a post install script I download the server and ca
> certificates and stop nslcd that I do not use:

You probably can avoid setting up nslcd in the first place:

    auth --useshadow --passalgo=sha512 --enablesssd --enablesssdauth --enableldap --ldapserver="ldaps://my.ldap.server.fr" --ldapbasedn=dc=my,dc=base,dc=dn

> echo "TLS_REQCERT allow">>/etc/openldap/ldap.conf
> cd /etc/openldap/cacerts/ && wget
> http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt && ln -s
> ca-bundle.crt $(openssl x509 -hash -in ca-bundle.crt -noout).0
> cd /etc/openldap/certs/ && wget
> http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/server.crt

See the man page for update-ca-trust. I *think* you need to do something more like:

    cd /etc/pki/ca-trust/source/anchors/
    wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt
    update-ca-trust extract

...you shouldn't have to do anything with the server's cert specifically.
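
The CA file in this thread is fetched over plain HTTP, so nothing authenticates it before it becomes a trust anchor. The following is an added example, not part of the original message: a helper for the kickstart %post script that compares the file with a SHA-256 digest recorded out of band before copying it into the anchors directory and running update-ca-trust extract. The function name install_ca_anchor, the /tmp path and the digest placeholder are assumptions.

```shell
# Added example: install a downloaded CA file as a trust anchor only if its
# SHA-256 matches a digest recorded out of band (lowercase hex).
SYSTEM_ANCHORS=/etc/pki/ca-trust/source/anchors

# install_ca_anchor FILE EXPECTED_SHA256 [ANCHOR_DIR]
install_ca_anchor() {
    local src="$1"
    local expected="$2"
    local anchors="${3:-$SYSTEM_ANCHORS}"
    local actual

    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }

    # Cheap sanity check that this is PEM certificate data at all.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$src" ||
        { echo "no PEM certificate in $src" >&2; return 1; }

    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $src: got $actual" >&2
        return 1
    fi

    install -m 0644 "$src" "$anchors/$(basename "$src")" || return 1

    # Rebuild the consolidated store only when the real system directory
    # was the target; any other directory does not feed it.
    if [ "$anchors" = "$SYSTEM_ANCHORS" ]; then
        update-ca-trust extract || return 1
    fi
    return 0
}

# Use in %post (the digest is a placeholder to fill in):
#   wget -O /tmp/ca-bundle.crt http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt
#   install_ca_anchor /tmp/ca-bundle.crt "<SHA256_OF_YOUR_CA_BUNDLE>" || exit 1
```

A failed check leaves the anchors directory untouched, so the install can stop before any LDAP client trusts the file.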