[TriLUG] has anyone setup TLS + ldap?
Tanner Lovelace
lovelace at wayfarer.org
Wed Nov 27 18:00:38 EST 2002
On Wed, 2002-11-27 at 16:14, Ben Simpson wrote:
> oh man wonderful....
>
> I have looked and looked all over the place and have found good
> instructions on how to set this up.
>
> But...... I am missing something.
>
> I don't understand the part about the certificates.
> I create the certificates and self-sign them,
> and I edit the slapd.conf file and put in the locations of my certs.
>
> great.
>
> I start the ldap server with
> slapd -d 1 -h "ldaps:/// ldap:///"
> everything seems ok. so far
> when I open GQ with tls option I notice on the server that I have an
> unknown CA.
>
> That makes sense because I made and signed the certificate myself.
> How do I tell the client that this is a good CA server?
>
> Ben
Well, I don't know about self-signed certs, but what we did
was create our own CA, sign the cert with that, then specify
the CA's public key to the ldap server.
The instructions for setting up the ldap server that we used
are here: http://www.ofb.net/~jheiss/krbldap/howto.html
and they link to this site:
http://www.sendmail.org/~ca/email/other/cagreg.html
for info on setting up the CA/cert.
Cheers,
Tanner
--
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
Si hoc legere scis, nimium eruditionis habes.
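
The private-CA approach described in the reply, as an added example that is not part of the original post or of the linked howtos. It creates a CA, signs a server certificate with it, and checks the trust decision a TLS client makes once it has been given the CA certificate. The names "Example Lab CA" and "ldap.example.test" and the 30-day lifetimes are assumptions; the directive names in the closing comment are the standard OpenLDAP ones.

```shell
#!/bin/sh
# Added example: private CA -> signed server cert -> client-side trust check.
# "Example Lab CA" and "ldap.example.test" are constructed placeholder names.

make_ca() {   # $1 = directory that will hold ca.key / ca.crt
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$1/req.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {   # $1 = CA directory, $2 = server host name (CN)
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

client_trusts() {   # $1 = CA file the client was given, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: the server cert verifies only for a client holding this CA's cert.
work=$(mktemp -d)
make_ca "$work" && issue_server_cert "$work" ldap.example.test
if client_trusts "$work/ca.crt" "$work/server.crt"; then
    echo "client holding ca.crt: server certificate trusted"
fi
# Where the files go (standard OpenLDAP directive names):
#   slapd.conf: TLSCACertificateFile ca.crt, TLSCertificateFile server.crt,
#               TLSCertificateKeyFile server.key
#   ldap.conf on each client: TLS_CACERT /path/to/ca.crt
```

Only ca.crt is copied to clients; ca.key stays with whoever operates the CA, and server.key stays on the LDAP server.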