On Sat, Apr 27, 2013 at 2:24 PM, David Barr <dafydd@xxxxxxxxxx> wrote:
Good Morning,
The Red Hat documentation only describes setting up the DS using the AS as the interface. Google searching, so far, has only boiled down to that documentation again.
Does anyone know of documentation to set up SSL/TLS on the DS using ldapadd/ldapmodify? The DS is headless, and I'm not in a place where setting up a remote X server would be well received.
Thanks!
David
--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"
Descartes ponders a moment and replies, "I think not."
And promptly disappears...
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
You don't need X on the 389 server.
$LDAP_SERVER - my ldap server's fqdn
/usr/bin/389-console -a https://$LDAP_SERVER:9830 -u "cn=Directory Manager" &
The LDIF below is based on this document [1] and what I have in my SSL/TLS enabled 389 server.

# Enable the secure port on the server
dn: cn=config
changetype: modify
replace: nsslapd-secureport
nsslapd-secureport: 636
-
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off

# Protocol, cipher and client-certificate settings
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des
 _sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_wit
 h_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128_sha,+tls
 _rsa_aes_256_sha
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed

I run these LDIFs using Apache Directory Studio, but the same file should work using examples from [1].
- Trey