LinuxQuestions.org
Old 05-04-2007, 12:51 PM   #1
ecsjohn
OpenLDAP - Active Directory & TLS/SSL


Currently I have an OpenLDAP client authenticating against an Active Directory 2003 server, and everything is working fine. I would like to secure the communications between the two via TLS/SSL, or any other means to eliminate the cleartext user/passwords being transmitted over the network.

I have googled and it doesn't seem like there is much 'good' information regarding this, and it doesn't seem like it would be very difficult....

What do I need to do to enable tls/ssl or some other secure means of communication?

--jb
 
Old 05-04-2007, 05:58 PM   #2
Tinkster
It really should be as simple as using :636 instead of :389


Cheers,
Tink
 
Old 05-07-2007, 10:05 AM   #3
ecsjohn
If it were only that simple. I tried adding 'port 636' to the ldap.conf file, and everything worked as usual, except no change in cleartext passwords, so I tried to add the directive 'uri ldaps://some.domain.com' and 'uri ldap://some.domain.com:636' which would not authenticate any users once these directives were in place.

One interesting thing though... If I leave the port alone (default 389) and just add an 's' to the directive 'uri ldaps://some.domain.com' this solves the cleartext password problem when the ldap server connects or binds to the Active Directory server - no more clear text passwords, and I can query the Active Directory server, but users cannot log in....

I am thinking I need to get a cert from the AD server and such, but am not sure what I need to do...

--jb
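
Added example, not part of any post in this thread: a shell check over a pam_ldap/nss_ldap-style ldap.conf that classifies each configured `uri` by transport (the `ldaps://`, `ldap://...:636` and plain `ldap://` forms discussed above) and notes whether server certificate checking is configured. It assumes the file uses that format's `uri`, `ssl`, `tls_cacertfile` and `tls_checkpeer` directives; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pam_ldap/nss_ldap-style ldap.conf for cleartext binds.

# Print the last value set for directive $2 in file $1 (commented lines never match).
directive() {
    awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"
}

# One finding per configured URI; returns 1 unless every URI is LDAPS or StartTLS.
audit_ldap_conf() {
    conf=$1 rc=0 tls=0
    ssl=$(directive "$conf" ssl)
    uris=$(awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    [ -n "$uris" ] || { echo "NOURI     no uri directive in $conf"; return 1; }
    for u in $uris; do
        case $u in
            ldaps://*)
                echo "TLS       $u"; tls=1 ;;
            ldap://*:636|ldap://*:636/*)
                echo "MISMATCH  $u (ldap:// scheme on the LDAPS port)"; rc=1 ;;
            ldap://*)
                if [ "$ssl" = start_tls ]; then echo "STARTTLS  $u"; tls=1
                else echo "CLEARTEXT $u"; rc=1; fi ;;
            *)
                echo "UNKNOWN   $u"; rc=1 ;;
        esac
    done
    # Encryption alone does not authenticate the server: look for a CA and peer checking.
    if [ "$tls" = 1 ]; then
        [ -n "$(directive "$conf" tls_cacertfile)" ] || echo "WARN      tls_cacertfile is not set"
        [ "$(directive "$conf" tls_checkpeer)" = yes ] || echo "WARN      tls_checkpeer is not 'yes'"
    fi
    return $rc
}

# Constructed sample: the two uri forms tried in post #3, plus a commented-out ssl line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssl start_tls
uri ldaps://some.domain.com ldap://some.domain.com:636
EOF
audit_ldap_conf "$sample" || echo "result: at least one URI is not protected"
rm -f "$sample"
```

The WARN lines report only what the file sets; they make no claim about the TLS library's defaults when a directive is absent.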
 
  


All times are GMT -5.