Shulou(Shulou.com)05/31 Report--

How to configure SSL/TLS encrypted communication in openldap! I believe that many inexperienced people are at a loss about this, so this article summarizes the causes and solutions of the problem. I hope you can solve this problem through this article.

1the signature & certificate made by the LDAP server

Ldap server installs ldap:yum install-y openldap openldap-servers openldap-clients migrationtools openssl

# cd / etc/openldap/certs/

# openssl genrsa-out ldap.key 1024 / / Private key

# openssl req-new-key ldap.key-out ldap.csr / / generate signature request

# openssl x509-req-days 1095-in ldap.csr-signkey ldap.key-out ldap.crt / / Public key self-signature

# ldap.key (private key), ldap.crt (certificate, public key) #

2. Return to the parent directory and set permissions on cert:

# chmod 700 certs/

# chown-R ldap.ldap certs/

3. Modify the ldap server configuration files / etc/openldap/certs/ldap.conf and / etc/openldap/certs/sldap.conf files.

# vim / etc/openldap/ldap.conf

TLS_CACERTDIR / etc/openldap/certs

TLS_REQCERT allow

URI ldaps:// http://xxx.xxx.xxx.xxx # configure URI

BASE dc=xxx,dc=xxxx # the domain name set to ldap

# #

# vim / etc/openldap/slapd.conf

TLSCACertificatePath / etc/openldap/certs

TLSCertificateFile / etc/openldap/certs/ldap.crt

TLSCertificateKeyFile / etc/openldap/certs/ldap.key

4. Modify the local ldap system configuration and enable ldaps

# vim / etc/sysconfig/ldap

SLAPD_LDAP=no # configure according to your own needs. Turn it off here.

SLAPD_LDAPI=no # configure according to your own needs. Turn it off here.

SLAPD_LDAPS=yes

5. Server startup service & configure self-startup

# service slapd stop # close first

This step is required when rm-rf / etc/openldap/slapd.d/* # # is installed for the first time. If the ldap service is already configured, just change the ldap protocol to ldaps protocol. You do not need to do this step.

# slaptest-f / etc/openldap/slapd.conf-F / etc/openldap/slapd.d/

# chown-R ldap.ldap / etc/openldap/slapd.d/

# service slapd start # enable

Configure self-boot:

# chkconfig slapd on

6. Client configuration and testing

Client machine installs openldap-clients openldap

Change client profile

# vim / etc/openldap/ldap.conf

TLS_CACERTDIR / etc/openldap/certs

TLS_REQCERT allow

URI ldaps:// http://xxx.xxx.xxx.xxx # configure URI

BASE dc=xxx,dc=xxxx # the domain name set to ldap

# #

Test:

# ldapsearch-x-W-D "cn=Manager,dc=test,dc=com"-b "dc=test,dc=com"-H ldaps://xxxxxx

Enter the password, ok!

After reading the above, you know how to configure SSL/TLS encrypted communication in openldap! Is there a way to do it? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.