Open mluis opened 11 years ago
1) Edit /etc/openldap/slapd.d/cn\=config.ldif
olcTLSCACertificatePath: /etc/openldap/ssl/
olcTLSCertificateFile: /etc/openldap/ssl/ldap.crt
olcTLSCertificateKeyFile: /etc/openldap/ssl/ldap.key
2) Put ca.crt, ldap.crt, ldap.key in /etc/openldap/ssl (key must not be encrypted)
Can't connect ldaps.
[vagrant@dmz ~]$ ldapsearch -d 1 -v -H ldaps://192.168.1.8:636
ldap_url_parse_ext(ldaps://192.168.1.8:636)
ldap_initialize( ldaps://192.168.1.8:636/??base )
ldap_create
ldap_url_parse_ext(ldaps://192.168.1.8:636/??base)
ldap_pvt_sasl_getmech
ldap_search
putfilter: "(objectclass=)"
put_filter: simple
put_simplefilter: "objectclass="
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.1.8:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.8:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
OpenLDAP clients and servers are capable of using the Transport Layer Security (TLS) framework to provide integrity and confidentiality protections and to support LDAP authentication using the SASL EXTERNAL mechanism.
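Added example, not part of the original issue or of any project code: the trace above closes the socket right after `ldap_pvt_connect` and shows no TLS output, so a useful first check is whether the failure is at the TCP level or in the TLS handshake or certificate verification. `probe_ldaps` is a hypothetical helper using only Python's standard library; the default address is the one from the issue and the CA path passed to it is the reader's own.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=3.0):
    """Return (stage, detail). stage is 'tcp', 'tls', 'verify' or 'ok'.

    'tcp'    - nothing accepted the connection (no listener, or filtered)
    'tls'    - port is open but the TLS handshake failed or timed out
    'verify' - handshake reached the certificate, which did not validate
    'ok'     - TLS session established and the certificate validated
    """
    # Stage 1: plain TCP. If this fails, the server's TLS certificate
    # settings were never exercised at all.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{type(exc).__name__}: {exc}"

    # Stage 2: TLS with full verification. cafile=None uses the system
    # trust store; pass the CA that signed the server certificate otherwise.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            return "ok", f"{tls.version()} subject={subject}"
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or name/IP not in the SAN.
        return "verify", exc.verify_message
    except OSError as exc:
        # Covers ssl.SSLError and handshake timeouts (peer not speaking TLS).
        return "tls", f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Usage: python probe_ldaps.py [host] [cafile]
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.8"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    stage, detail = probe_ldaps(target, cafile=ca)
    print(f"{target}:636 -> {stage}: {detail}")
```

A `tcp` result points at the listener (for example, whether slapd was started with `ldaps:///` in its `-h` URL list) or a firewall rather than at the `olcTLS*` attributes; `tls` and `verify` results point at the certificate, key and CA configuration.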