TLS with LDAP
Create a test certificate thusly:
# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
Assuming that the slapd.conf file is properly configured, the following
additions are required:
TLSCertificateFile /usr/lib/ssl/misc/server.pem
TLSCertificateKeyFile /usr/lib/ssl/misc/server.pem
TLSCACertificateFile /usr/lib/ssl/misc/server.pem
replica host=hostname:389
        tls=yes
        binddn="normal bind parameters"
        bindmethod=simple
        credentials=password
To verify that the communication is actually encrypted, a packet sniffer can
be used. For example:
# ngrep -d lo
The difference between encrypted and non-encrypted traffic is fairly obvious.
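The following shell functions are an added example, not part of the original note or of OpenLDAP. They cover the two steps above: generating the test certificate (same openssl invocation as the note, made non-interactive with -subj and restricted to mode 600 because server.pem holds the private key), checking that a slapd.conf carries the three TLS* directives and a tls=yes replica stanza, and checking the STARTTLS handshake on port 389 with openssl s_client as an alternative to watching for ciphertext in ngrep. The hostname ldap-replica.example.test, the bind DN and the password in the sample configuration are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original note). Assumes OpenLDAP slapd.conf
# syntax and a combined key+certificate file such as the note's server.pem.

# Create a self-signed test certificate without prompting. The note's command
# is kept; -subj suppresses the prompts and -newkey fixes the key size.
# The output file contains the private key, so it is made owner-read-only.
make_test_cert() {
    out="$1"; cn="$2"
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$cn" -keyout "$out" -out "$out" 2>/dev/null || return 1
    chmod 600 "$out"
}

# Write a constructed slapd.conf fragment with the additions from the note.
# Continuation lines of the replica directive are indented, as slapd requires.
write_sample_conf() {
    cat > "$1" <<'EOF'
TLSCertificateFile /usr/lib/ssl/misc/server.pem
TLSCertificateKeyFile /usr/lib/ssl/misc/server.pem
TLSCACertificateFile /usr/lib/ssl/misc/server.pem
replica host=ldap-replica.example.test:389
        tls=yes
        binddn="cn=replicator,dc=example,dc=test"
        bindmethod=simple
        credentials=placeholder-password
EOF
}

# Return 0 only when all three TLS* directives are present and the replica
# stanza asks for TLS (tls=yes or tls=critical); otherwise report what is missing.
check_tls_conf() {
    conf="$1"
    for d in TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile; do
        grep -q "^$d[[:space:]]" "$conf" || { echo "missing $d" >&2; return 1; }
    done
    grep -Eq '^[[:space:]]*tls=(yes|critical)' "$conf" \
        || { echo "replica stanza without tls=yes" >&2; return 1; }
    return 0
}

# The combined key+cert file must not be group- or world-readable.
# GNU stat is tried first, then the BSD/macOS form.
check_key_perms() {
    f="$1"
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$f has mode $mode; expected 600" >&2; return 1 ;;
    esac
}

# Live STARTTLS check against a running slapd (needs a server; not exercised by
# the offline test). openssl reports "Verify return code: 0 (ok)" only when the
# handshake succeeds and the server certificate validates against the CA file.
check_starttls() {
    host="$1"; cafile="$2"
    openssl s_client -connect "$host:389" -starttls ldap -CAfile "$cafile" \
        </dev/null 2>&1 | grep -q 'Verify return code: 0 (ok)'
}
```

Typical use is check_tls_conf /etc/ldap/slapd.conf followed by check_key_perms on the certificate file, then check_starttls ldap-replica.example.test /usr/lib/ssl/misc/server.pem once slapd is running; a non-zero exit from any of them names the problem on stderr. Because the same file serves as CA certificate, the s_client check only succeeds against the exact test certificate that was generated.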