Old 05-04-2007, 12:51 PM   #1
LQ Newbie
Registered: Feb 2006
Posts: 6

Rep: Reputation: 0
OpenLDAP - Active Directory & TLS/SSL

Currently I have an OpenLDAP client authenticating against an Active Directory 2003 server, and everything is working fine. I would like to secure the communications between the two via TLS/SSL, or any other means to eliminate the cleartext user/passwords being transmitted over the network.

I have googled and it doesn't seem like there is much 'good' information regarding this, and it doesn't seem like it would be very difficult....

What do I need to do to enable TLS/SSL or some other secure means of communication?

Old 05-04-2007, 05:58 PM   #2
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
It really should be as simple as using :636 instead of :389

Old 05-07-2007, 10:05 AM   #3
LQ Newbie
Registered: Feb 2006
Posts: 6

Original Poster
Rep: Reputation: 0
If it were only that simple. I tried adding 'port 636' to the ldap.conf file, and everything worked as usual, except no change in cleartext passwords, so I tried to add the directive 'uri ldaps://' and 'uri ldap://' which would not authenticate any users once these directives were in place.

One interesting thing though... If I leave the port alone (default 389) and just add an 's' to the directive 'uri ldaps://' this solves the cleartext password problem when the ldap server connects or binds to the Active Directory server - no more cleartext passwords, and I can query the Active Directory server, but users cannot log in....

I am thinking I need to get a cert from the AD server and such, but am not sure what I need to do...
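
A configuration check for the situation described in post #3, added here as an example and not code from the thread. It assumes the pam_ldap/nss_ldap style of ldap.conf (lowercase `uri`, `port`, `ssl`, `tls_checkpeer`, `tls_cacertfile`, `tls_cacertdir`, with `ssl on` or `ssl start_tls` taken to force encryption); the finding names, host names and file paths are hypothetical or constructed.

```python
# Added example: flag pam_ldap/nss_ldap-style ldap.conf settings that leave
# binds in cleartext or the server certificate unchecked. Directive semantics
# are assumptions taken from the PADL sample ldap.conf, not from the thread.

ENCRYPTED_SCHEMES = ("ldaps://", "ldapi://")  # ldapi is a local socket

def parse_conf(text):
    """Return {directive: value}; the last occurrence of a directive wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a list of finding names (hypothetical labels) for one config."""
    conf = parse_conf(text)
    uris = conf.get("uri", "").split()
    ssl_mode = conf.get("ssl", "off").lower()
    uris_ok = bool(uris) and all(u.lower().startswith(ENCRYPTED_SCHEMES) for u in uris)
    if ssl_mode not in ("on", "start_tls") and not uris_ok:
        findings = ["cleartext-bind"]
        if conf.get("port") == "636":
            # Matches post #3: changing only the port did not enable TLS.
            findings.append("port-636-without-tls")
        return findings
    findings = []
    checkpeer = conf.get("tls_checkpeer", "").lower()
    if checkpeer == "no":
        findings.append("server-cert-not-verified")
    elif checkpeer != "yes":
        findings.append("peer-check-left-to-libldap-default")
    if "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
        findings.append("no-ca-configured")
    return findings

# Constructed sample inputs (host names and paths are placeholders).
PORT_ONLY = "uri ldap://dc01.example.test\nport 636\n"
LDAPS_NO_CA = "uri ldaps://dc01.example.test\n"
LDAPS_PINNED_CA = ("uri ldaps://dc01.example.test\n"
                   "tls_checkpeer yes\n"
                   "tls_cacertfile /etc/ssl/certs/ad-root-ca.pem\n")

if __name__ == "__main__":
    for name, sample in [("port only", PORT_ONLY), ("ldaps, no CA", LDAPS_NO_CA),
                         ("ldaps + CA", LDAPS_PINNED_CA)]:
        print(name, "->", audit(sample) or "ok")
```

An empty result means the config both encrypts the connection and checks the Active Directory server's certificate against a configured CA; the first sample reproduces the port-only change that left passwords in cleartext.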


