Re: SSL/TLS without the Admin Server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Sat, Apr 27, 2013 at 2:24 PM, David Barr <dafydd@xxxxxxxxxx> wrote:
Good Morning,

The Red Hat documentation only describes setting up the DS using the AS as the interface. Google searching, so far, has only boiled down to that documentation again.

Does anyone know of documentation to set up SSL/TLS on the DS using ldapadd/ldapmodify? The DS is headless, and I'm not in a place where setting up a remote X server would be well received.

Thanks!
David

--

David - Offbeat         http://dafydd.livejournal.com
dafydd - Online         http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
        Integrity*Commitment*Communication*Support

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"

Descartes ponders a moment and replies, "I think not."

And promptly disappears...



--

David - Offbeat         http://dafydd.livejournal.com
dafydd - Online         http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
        Integrity*Commitment*Communication*Support

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"

Descartes ponders a moment and replies, "I think not."

And promptly disappears...




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

You don't need X on the 389 server.

$LDAP_SERVER - my ldap server's fqdn

/usr/bin/389-console -a https://$LDAP_SERVER:9830 -u "cn=Directory Manager" &

The LDIF below is based on this document [1] and what I have in my SSL/TLS enabled 389 server.

dn: cn=config
changetype: modify
replace: nsslapd-secureport
nsslapd-secureport: 636
-
replace: nssldap-security
nssldap-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off

dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des
 _sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_wit
 h_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128_sha,+tls
 _rsa_aes_256_sha
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed

I run these LDIFs using Apache Directory Studio, but the same file should work using examples from [1].

- Trey

[1] - http://directory.fedoraproject.org/wiki/Howto:SSL#Starting_the_Server_with_SSL_enabled
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux