TLS with LDAP

Create a test certificate as follows (the key and certificate both land in server.pem):

# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

Assuming that the slapd.conf file is otherwise properly configured, the following additions are required:

TLSCertificateFile      /usr/lib/ssl/misc/server.pem
TLSCertificateKeyFile   /usr/lib/ssl/misc/server.pem
TLSCACertificateFile    /usr/lib/ssl/misc/server.pem
replica  host=hostname:389
   tls=yes
   binddn="normal bind parameters"
   bindmethod=simple
   credentials=password

To verify that the communication is actually encrypted, a packet sniffer can be used. For example:

# ngrep -d lo

The difference between encrypted and non-encrypted traffic is fairly obvious.
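The three steps above (test certificate, slapd.conf TLS directives, verification) as shell functions. This is an added example, not part of the original page or of OpenLDAP itself; the file locations, the host name ldap.example.com and the use of /etc/ldap/slapd.conf are assumptions. It departs from the page in one respect: the key goes into its own file so it can be made mode 0600 while the certificate stays readable, which means TLSCertificateFile and TLSCertificateKeyFile point at server.crt and server.key instead of one server.pem.

```shell
#!/bin/sh
# Added example, not part of the original page: the three steps
# (test certificate, slapd.conf TLS directives, verification) as shell
# functions. File locations and the host name are assumptions.

# make_test_cert DIR HOSTNAME
# Self-signed test certificate with the key in its own file, so the key can
# be mode 0600 while the certificate stays readable. -addext needs
# OpenSSL 1.1.1 or later; it puts the host name in subjectAltName, which
# modern LDAP clients check when they verify the server certificate.
make_test_cert() {
    dir=$1; host=$2
    (umask 077 && openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt") || return 1
    chmod 0644 "$dir/server.crt"
}

# check_slapd_tls_conf CONF
# Returns 0 when all three TLS* directives are present and the file named
# by TLSCertificateKeyFile exists and is not readable by group or other.
# Each problem found is printed on its own line.
check_slapd_tls_conf() {
    conf=$1; rc=0
    for d in TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile; do
        if ! grep -q "^[[:space:]]*$d[[:space:]]" "$conf"; then
            echo "missing directive: $d"; rc=1
        fi
    done
    key=$(awk '$1 == "TLSCertificateKeyFile" { print $2 }' "$conf" | head -n 1)
    if [ -n "$key" ]; then
        if [ ! -f "$key" ]; then
            echo "key file not found: $key"; rc=1
        elif [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
            echo "key file readable by group or other: $key"; rc=1
        fi
    fi
    return $rc
}

# verify_starttls HOST PORT CACERT
# Performs the LDAP StartTLS exchange with openssl s_client (-starttls ldap,
# OpenSSL 1.1.1+) and prints the negotiated protocol and the chain
# verification result; a server that only speaks cleartext fails here.
verify_starttls() {
    printf 'Q\n' | openssl s_client -connect "$1:$2" -starttls ldap \
        -CAfile "$3" -verify_return_error 2>&1 \
        | grep -E 'Protocol|Verify return code'
}

# sniff_ldap INTERFACE
# The same ngrep check as on the page, restricted to the LDAP port: a
# cleartext bind shows the DN and password as readable text, while a
# StartTLS session shows only the initial extended request followed by
# opaque TLS records.
sniff_ldap() {
    ngrep -d "$1" -W byline port 389
}

# Usage, e.g. as root on the directory server (paths are assumptions):
#   make_test_cert /usr/lib/ssl/misc ldap.example.com
#   check_slapd_tls_conf /etc/ldap/slapd.conf
#   verify_starttls ldap.example.com 389 /usr/lib/ssl/misc/server.crt
#   ldapsearch -ZZ -x -H ldap://ldap.example.com -b '' -s base   # client-side check
```

check_slapd_tls_conf only reads the configuration file and the key file's mode, so it can run on any host that has a copy of the conf. ldapsearch with -ZZ insists on a successful StartTLS and exits non-zero otherwise, which makes it the simplest client-side confirmation once slapd has been restarted with the new directives.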