Export Cert for LDAP Clients

custangro · 07-28-2011, 03:05 PM

Hello,

I'm using CENTOS-DS and I've installed it and it's up and running fine.

I created a cert and forced the CENTOS-DS to only run on a secure port. Now The clients can't authenticate beacuse the TLS option in "system-config-authentication" isn't ticked off because I don't have a cert for them to download.

How can I generate this file? Google only yields results on "How to make your LDAP server use SSL/TLS"...but none of these howtos show how to configure the clients.

All servers are running CentOS 5

--C

acid_kewpie · 07-28-2011, 03:37 PM

well the clients just need to have tls enabled in ldap.conf ("ssl starttls" in ldap.conf). Well that and a valid CA Certificate, which is outside of the ldap side of things. If you are using a self CA then you would look to put your CA cert on each client and point to it using "tls_cacertdir /etc/ssl/certs" for example. If you are using a commerically signed cert then there should be no further action required.

Not sure why you can't find anything, there's loads out there. http://www.openldap.org/pub/ksoper/O...P_TLS.html#4.1