|
Use LDAP over TLS and make connection be secure.
|
|
| [1] | |
| [2] | Configure LDAP server |
|
[root@dir ~]#
cp /etc/pki/tls/certs/server.* /etc/openldap/cacerts/
[root@dir ~]#
chown ldap. /etc/openldap/cacerts/*
[root@dir ~]#
ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
# input like follows
dn: cn=config add: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/cacerts/server.crt - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/cacerts/server.key
# push "Ctrl+D" key to quit
[root@dir ~]#
vi /etc/sysconfig/ldap
# line 20: change
SLAPD_LDAPS=
yes
/etc/rc.d/init.d/slapd restart
Stopping slapd:
[ OK ]
Starting slapd:
[ OK ]
|
| [3] | Configure on Client |
[root@www ~]#
vi /etc/openldap/ldap.conf
# add at the last line
URI ldaps://10.0.0.100/
BASE dc=server,dc=world
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
[root@www ~]#
vi /etc/nslcd.conf
# line 133: change like follows
#
ssl notls_cacertdir /etc/openldap/cacertsa
ssl start_tls
tls_reqcert allow
tls_reqcert allow
[root@www ~]#
vi /etc/pam_ldap.conf
# line 291: change
#
ssl notls_cacertdir /etc/openldap/cacerts
pam_password md5
ssl start_tls
tls_reqcert allow
tls_reqcert allow
[root@www ~]#
www.server.world login: fermi
shutdown -r now
Password:
Last login: Mon Jul 11 22:38:23 on ttyS0
[fermi@www ~]$
# logined
Post a Comment