Help with setting up Password Policy and SSL/TLS

Hi,

I am trying to configure the Password Policy for my users and read that
you would not be able to use the Policy unless you set up SSL/TLS.
I am using 389 Server version 1.2.2. Also I am running the Server on
Fedora 11 64 bit. All clients are also Fedora 11 64 bit.

I followed the instructions in setting up SSL here  at
http://directory.fedoraproject.org/wiki/Howto:SSL

I ran the setupssl2.sh script and it completed with no errors. In the
389 Admin Console I could see the certificates for both the Admin Server
and DS Server in the Manage Certificates screens.

Also, I do not want to use SSL for the Admin Server or the Admin
Console.  I just want to be able to use it for user authentication so
the Password Policy works.

Bottom line is that I cannot get both features (Password Policies and
SSL) working.  Any help would be greatly appreciated.

Up to this point here are my questions:

1) In the Directory Server GUI from the 389 Admin Console, what
certificate do I use to populate the Certificate field in the Encryption
Tab?
   There are 3 choices it provides after running the setupssl2.sh
   script, which are CA Certificate, server-cert, and server-Cert.

2) In the Client Authentication Block in the same Encryption Tab
as #1 above, I have selected "Require client authentication". Is this
correct?
   Is this how you force the Directory Server to use only port 636
   for secure communications? If not, how do you do that?

3) What are the differences between /etc/openldap/ldap.conf and
/etc/ldap.conf? What are the client configurations needed to make this
work?
   The only ldap.conf file that
   http://directory.fedoraproject.org/wiki/Howto:SSL talks about
   configuring is the /etc/openldap/ldap.conf file.

   My /etc/openldap/ldap.conf file looks like this:

      URI ldap://hadmina.eidev.ngc.com/
      BASE dc=eidev, dc=ngc, dc=com
      TLS_CACERT /etc/openldap/cacerts
      TLS_REQCERT allow

4) How do you get the certificate on the client machines? What I
did was copy from the server the cacert.asc file that is located in
/etc/dirsrv/slapd-hadmina to the client machine in the
/etc/openldap/cacerts directory. Is this correct?


Thanks and I hope there is someone out there that can help me get this
working!

Paul
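One way to check a client ldap.conf for the settings in question, as an added example that is not from the original post or from the 389 project: the script writes the posted configuration and a hardened version into a temporary directory (constructed paths; the hostname is the one from the post) and flags `TLS_REQCERT allow`, a plain `ldap://` URI, and a `TLS_CACERT` that names a directory (OpenLDAP's ldap.conf(5) expects a PEM file there; a directory belongs in `TLS_CACERTDIR`).

```shell
#!/bin/sh
# Added example (not from the original post or the 389 project): audit an
# OpenLDAP client ldap.conf for settings that leave the TLS session unverified.
# All paths below are constructed in a temp directory so the script runs offline.

demo=$(mktemp -d)
mkdir "$demo/cacerts"             # stands in for /etc/openldap/cacerts
: > "$demo/cacert.asc"            # stands in for the CA cert exported by setupssl2.sh

WEAK_CONF="$demo/ldap.conf.weak"  # the configuration from the post
cat > "$WEAK_CONF" <<EOF
URI ldap://hadmina.eidev.ngc.com/
BASE dc=eidev, dc=ngc, dc=com
TLS_CACERT $demo/cacerts
TLS_REQCERT allow
EOF

GOOD_CONF="$demo/ldap.conf.good"  # hardened version
cat > "$GOOD_CONF" <<EOF
URI ldaps://hadmina.eidev.ngc.com/
BASE dc=eidev,dc=ngc,dc=com
TLS_CACERT $demo/cacert.asc
TLS_REQCERT demand
EOF

# audit_ldap_conf FILE: print one finding per line (prints nothing when the file is clean).
audit_ldap_conf() {
    f="$1"
    # allow/never/try accept an invalid or missing server certificate, so a
    # spoofed server could collect the bind password; demand (the default) fails closed.
    if grep -Eiq '^[[:space:]]*TLS_REQCERT[[:space:]]+(allow|never|try)' "$f"; then
        echo "TLS_REQCERT is not 'demand': server certificate is not verified"
    fi
    # A plain ldap:// URI sends the simple bind in cleartext unless STARTTLS is forced.
    if grep -Eiq '^[[:space:]]*URI[[:space:]]+ldap://' "$f"; then
        echo "URI uses ldap://; use ldaps:// (port 636) or force STARTTLS"
    fi
    # TLS_CACERT names a PEM file; a directory of certs belongs in TLS_CACERTDIR.
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {print $2}' "$f")
    if [ -n "$cacert" ] && [ -d "$cacert" ]; then
        echo "TLS_CACERT points at a directory; use TLS_CACERTDIR or a PEM file"
    fi
}

echo "== weak =="; audit_ldap_conf "$WEAK_CONF"
echo "== hardened =="; audit_ldap_conf "$GOOD_CONF"
```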