Question

LDAP with TLS

  • 20 February 2023
  • 3 replies
  • 234 views


Hello,


Sorry if this topic was already created before but I didn’t find the answer on the website.

I would like to activate LDAP with TLS.

I’m not comfortable with this; could you explain to me how to do this, please?


Thank you


3 replies


Hi,

You have to take the CA root public key (and, if the certificate also has an intermediate certificate, both have to be aggregated into the same public key).

Put it in /etc/ssl/certs.

Fill in /etc/openldap/ldap.conf to configure the TLS requirements: on my platform I’ve set TLS_REQCERT to never, but soon I will configure it to match the TLS_CACERT.

Then configure LDAP in the web interface to bind to the LDAP directory. Don’t forget to bind to the LDAP using an account without rights: a simple user is enough,

and tick the TLS box on your LDAP source!



Hello,


What do you mean by “But soon I will config to match the TLS_CACERT”?

It’s the part I’m looking for, please :-)

I have the following in ldap.conf: TLS_CACERTDIR /etc/openldap/certs

I just have to put the CA root in /etc/ssl/certs and add this in ldap.conf?

TLS_REQCERT demand


Thank you


Hi,

I’ve been experiencing some trouble when I try to check the certificate public key.

I think you’re doing the same as I tried: I mean pushing a folder as trusted CA instead of declaring the public key of the CA authority that issued the certificate.

Try to change TLS_CACERTDIR to TLS_CACERT: as I wrote in my previous message, take care about the complete chain of the CA. If you have an intermediate CA, begin with its public key and add the root public key.

Both criteria can’t work together, so comment out the line where you have TLS_CACERTDIR.


If needed, refer to the OpenLDAP client configuration (section 16.2.2):

https://www.openldap.org/doc/admin24/tls.html


Good Luck !
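The two replies above describe one procedure: concatenate the intermediate CA certificate followed by the root CA certificate into a single PEM file, place it under /etc/ssl/certs, point TLS_CACERT at it, comment out TLS_CACERTDIR (the two directives cannot be combined), and set TLS_REQCERT to demand so the client actually rejects an unverifiable server certificate. The script below is an added example written for this thread; it is not code from the original poster, the replier, or the OpenLDAP project. All file paths, the bundle name ldap-ca-chain.pem and the sample ldap.conf contents are assumptions or constructed test data.

```shell
#!/bin/sh
# Added example for the thread above (not from the original posts).
# Assembles the CA chain and rewrites /etc/openldap/ldap.conf so the
# OpenLDAP client verifies the server certificate.

# build_ca_bundle INTERMEDIATE ROOT OUT
# Writes the intermediate CA certificate first, then the root CA, which is
# the order the reply recommends. Refuses files that are not PEM certificates.
build_ca_bundle() {
    inter="$1"; root="$2"; out="$3"
    for f in "$inter" "$root"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || {
            echo "not a PEM certificate: $f" >&2
            return 1
        }
    done
    cat "$inter" "$root" > "$out" && chmod 644 "$out"
}

# configure_ldap_tls CONF BUNDLE
# Comments out any active TLS_CACERTDIR line, drops previous TLS_CACERT and
# TLS_REQCERT lines, then appends TLS_CACERT pointing at the bundle and
# TLS_REQCERT demand. Re-running it leaves exactly one copy of each setting.
configure_ldap_tls() {
    conf="$1"; bundle="$2"
    tmp="$conf.tmp.$$"
    grep -v -E '^[[:space:]]*TLS_(CACERT|REQCERT)[[:space:]]' "$conf" \
        | sed -E 's/^([[:space:]]*TLS_CACERTDIR[[:space:]])/#\1/' > "$tmp"
    printf 'TLS_CACERT\t%s\nTLS_REQCERT\tdemand\n' "$bundle" >> "$tmp"
    mv "$tmp" "$conf"
}

# ldap_tls_setting CONF KEY
# Prints the value of an active (uncommented) directive, empty if absent.
ldap_tls_setting() {
    awk -v k="$2" '$1 == k { print $2 }' "$1"
}

# Usage on a real host (run as root; paths are assumptions):
#   build_ca_bundle /root/intermediate.pem /root/root.pem /etc/ssl/certs/ldap-ca-chain.pem
#   configure_ldap_tls /etc/openldap/ldap.conf /etc/ssl/certs/ldap-ca-chain.pem
#   ldapsearch -x -ZZ -H ldap://ldap.example.com -b '' -s base
# With -ZZ, ldapsearch fails unless StartTLS succeeds, which with TLS_REQCERT
# demand means the server certificate chained to the bundle you installed.
```

The last line of the usage comment is the check worth keeping: once TLS_REQCERT is demand, a search with -ZZ (StartTLS required) only succeeds when the server certificate verifies against the bundle, so a failing search at this point usually means a missing intermediate or the wrong root in the file, not an LDAP problem.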
