OpenSSL & OpenLDAP
Written by Paul Matthews   

OpenSSL will be used to create the SSL certificates used by the OpenLDAP server. OpenLDAP will be used to store user information for a variety of purposes, from a Samba backend to Postfix LDAP aliases. With the extra protection of the OpenSSL certificates, OpenLDAP can now be used over an insecure network (i.e. the Internet).

Name: OpenSSL
HomePage: http://www.openssl.org/
Function: developed for transmitting private documents via the Internet using a cryptographic system

Name: OpenLDAP
HomePage: http://www.openldap.org/
Function: OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol

1. First we need to get OpenLDAP working. Edit the ldap.conf file:

nano /etc/openldap/ldap.conf

ldap.conf:
URI ldaps://mc1.fedora.directory.server:636/
BASE dc=fedora,dc=directory,dc=server
TLS_CACERTDIR /etc/openldap/ssl/


2. Now we need to set up our OpenSSL certificate.

mkdir /etc/ssl/
mkdir /etc/openldap/ssl/


 # cd /etc/ssl
 # openssl req \
       -new -x509 -nodes -out ldap.pem \
       -keyout /etc/openldap/ssl/ldap.pem -days 999999


3. Now set up slapd.conf to point at the SSL certificate and key.

nano /etc/openldap/slapd.conf


slapd.conf:
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

# add the following line to disallow anonymous binds
disallow bind_anon


4. Next we need to add the BDB database definitions. Edit the slapd.conf file once more; further towards the bottom you will find 'ldbm and/or bdb database definitions'. Replace what is under it with the following.

nano /etc/openldap/slapd.conf

slapd.conf:
database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "uid=root,dc=fedora,dc=directory,dc=server"
rootpw


5. Now we need to create an LDAP root password. At the command line type:

slappasswd

Once you have entered your password you will end up with something like this:

{SSHA}HLuLNn9wv8r9Qkgvh9qNWWZUupfro0+1

Copy it and paste it into slapd.conf where it says 'rootpw' (as can be seen below).

nano /etc/openldap/slapd.conf

slapd.conf:
database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "uid=root,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}HLuLNn9wv8r9Qkgvh9qNWWZUupfro0+1


6. Now start the OpenLDAP service:

/etc/init.d/ldap start


7. Now we have to add the LDAP base entry. Create a file in the /tmp folder called domain.ldif and fill it with the following.

nano /tmp/domain.ldif

domain.ldif:
dn: dc=fedora,dc=directory,dc=server
objectClass: dcObject
objectClass: organization
o: Fedora Directory Server
dc: fedora


8. Once you have made your domain.ldif file, run the following command:

/usr/bin/ldapadd -x -D 'uid=root,dc=fedora,dc=directory,dc=server' -W -f /tmp/domain.ldif
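To check the result of steps 3 to 5 before starting slapd, here is a small audit of the slapd.conf settings this how-to relies on, together with a slappasswd-compatible {SSHA} routine for checking a rootpw value. This is an added example, not code from the original article; the slapd.conf fragment it scans is constructed from the snippets above, and the function names are my own.

```python
import base64
import hashlib
import hmac
import os
# Constructed slapd.conf fragment assembled from the snippets in steps 3 to 5 (not a real file).
SLAPD_CONF = """\
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
disallow bind_anon
database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "uid=root,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}HLuLNn9wv8r9Qkgvh9qNWWZUupfro0+1
"""

def ssha_hash(password, salt=None):
    """Build a {SSHA} value the way slappasswd lays it out: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd also appends a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a candidate password: the salt is whatever follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_slapd_conf(text):
    """Return a list of findings for the settings this how-to depends on (last value wins)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    findings = []
    if "bind_anon" not in directives.get("disallow", ""):
        findings.append("anonymous bind still allowed: add 'disallow bind_anon'")
    for key in ("TLSCertificateFile", "TLSCertificateKeyFile", "TLSCACertificateFile"):
        if key not in directives:
            findings.append(key + " missing: ldaps:// clients cannot verify the server")
    if not directives.get("rootpw", "").startswith("{SSHA}"):
        findings.append("rootpw missing or not hashed: paste the slappasswd {SSHA} value")
    return findings
```

slapd itself accepts a cleartext rootpw, so the last check only enforces what step 5 intends.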


External Links:

http://www.bayour.com/LDAPv3-HOWTO.html
http://gentoo-wiki.com/HOWTO_LDAPv3

Last Updated ( Wednesday, 06 June 2007 )