Displaying 20 results from an estimated 48 matches for "tlscertificatefil".
Did you mean:
tlscertificatefile
2007 Mar 05
1
LDAP + SSL
Hi everybody
I have setting my ldap server. But I created an certificate with the
following command:
cd /usr/share/ssl/certs; make ldap.pem
Then edit slapd.conf file a insert the following lines:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem
I restart the service. Then, I run the comando authconfig and I select ldap
with tls. I review the logs ldap server a thrown the following:
Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP=
172.16.1...
2006 Oct 09
1
SAMBA + LDAP + TLS
...t work, here I what I've done.
This is what netstat shows.
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:389 127.0.0.1:1873 ESTABLISHED
tcp 0 0 :::389 :::* LISTEN
tcp 0 0 :::636 :::* LISTEN
in slapd.conf i have
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /usr/local/etc/openldap/ssl/server.crt
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.key
VerifyClient demand
I created the certificate like this:
openssl genrsa 2048 -out > server.key
openssl req -new -key server.key -out server.csr
openssl req -in server.csr -key server.key -x509...
2008 Apr 15
0
login ldap pdc
...ssible values
loglevel 3
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
#######################################################################
# SSL:
# Uncomment the following lines to enable SSL and use the default
# snakeoil certificates.
#TLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#TLSCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Chemin vers le certificat du serveur LDAP
#TLSCertificateFile /etc/ldap/cert/servercert.pem
# Chemin vers la clef priv??e du serveur LDAP
#TLSCertificateKeyFile /etc/ldap/cert/serverk...
2004 Jan 09
1
smbldap-tools problem with Samba 3.0.1/LDAP 2.1.22/Fedora Core 1
...tions using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
TLSCACertificateFile /usr/share/ssl/certs/cacert.pem
TLSCertificateFile /usr/share/ssl/certs/slapdcrt.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapdkey.pem
# Sample security restrictions
# Require integrity...
2004 Jun 10
4
And the LDIF thing
Sorry.. One more email.. I tried to create the IDMAP container on the LDAP with an example I found:
dn: ou=Idmap,dc=softeng,dc=com
objectClass: organizationalUnit
ou: idmap
structuralObjectClass: organizationalUnit
and it gives:
adding new entry "ou=Idmap,dc=softeng,dc=com"
ldap_add: Constraint violation
additional info: structuralObjectClass: no user modification allowed
2002 May 17
3
samba + openldap + tls
...on: Connect error".
Any idea???
Have I to use the "--with-ssl" option? It's said no.
##############################################
LDAP CONF:
--------------------------
########################
# certificats et clefs
TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem
TLSCertificateFile /opt/openldap/pem/ldapcert.pem
TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem
##############################################
SMB CONF:
--------------------------
# LDAP:
ldap server = obiwan
ldap port = 389
ldap suffix = "ou=samba, dc=obiwan,dc=fr"...
2006 Jul 18
1
Weird statup probems TLS & SSL openldap and samba 3.0.23
...] Specific Entry)
access to dn.base=""
by self write
by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
by anonymous auth
security tls=1
TLSCACertificateFile /etc/openldap/ca.crt
TLSCertificateFile /etc/openldap/server.crt
TLSCertificateKeyFile /etc/openldap/server.key
TLSVerifyClient demand
/etc/ldap.conf
***********
uri ldap://yyyy.com
host yyyy.com
port 389
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cert /etc/openldap/server.crt
tls_key /etc/openldap/server.key
tls_cacertfile...
2003 Oct 14
1
smbldap_search_suffix: certificate verify failed
...LDAP search:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (Connect error)
ldapsam_setsampwent: LDAP search failed: Connect error
nss_ldap and pam_ldap both work well using TLS.
For your information, here is ma configuration concerning TLS in:
slapd.conf -->
TLSCertificateFile /usr/local/etc/openldap/ldap.cert
TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key
TLSCACertificateFile /usr/local/etc/openldap/ca.cert
ldap.conf -->
BASE dc=domain, dc=com
URI ldap://server.domain.com
TLS_CACERT /usr/local/etc/openldap/ca.cert
smb.conf -->
ldap passwd sync =...
2015 Feb 17
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
...file containing both the certificate and private key catenated.
OpenVPN wants
ca certificate chain used for signing.pem
cert certificate.pem
key privatekey.pem
crl-verify crl.pem
OpenLDAP appears similar to OpenVPN with (appears not to support CRLs):
TLSCACertificatePath
TLSCertificateFile
TLSCertificateKeyFile
Racoon wants (appears not to support CRLs):
certificate_type x509 certfile keyfile
ca_type x509 ca.pem
But the man page doesn't talk about where the chain goes.
So it appears one should generate the following file formats to satisfy all the software out th...
2024 Dec 13
0
RODC in DMZ
...ude /etc/ldap/schema/misc.schema
>>
>> pidfile /var/run/slapd/slapd.pid
>> argsfile /var/run/slapd/slapd.args
>>
>> TLSDHParamFile /etc/ssl/certs/dhparam.pem
>> TLSCACertificateFile /etc/ssl/certs/ca.pem
>> # Enable tls by providing the server cert
>> TLSCertificateFile /etc/ssl/certs/<HOSTNAME>.crt
>> TLSCertificateKeyFile /etc/ssl/private/<HOSTNAME>.key
>>
>> # loglevel 896 = acl-processing,stat,stat2, this logs queries and
>> responses
>> #????????? -1 = enable all
>> loglevel 896
>>
>> modulepath /u...
2006 Oct 24
1
samba pdc with ldap backend setup problems
...clude /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/pki/tls/certs/hypothalamus.cer
TLSCertificateFile /etc/pki/tls/certs/brain-new.cer
TLSCertificateKeyFile /etc/pki/tls/private/privkey.pem
TLSCRLCheck none
database bdb
suffix "dc=som,dc=com"
rootdn "cn=Manager,dc=som,dc=com"
rootpw <password removed>
checkpoint 1024 5
directory /va...
2003 Feb 18
1
problems with ldap tls
...smb.conf:
ldap server = localhost
#ldap port = 389
ldap port = 636
ldap suffix = o=zolnott,dc=de
ldap admin dn = uid=ldaproot,o=zolnott,dc=de
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap ssl = start_tls
Here my slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCertificateFile /etc/openldap/www.zolnott.de-ldap-crt.pem
TLSCertificateKeyFile /etc/openldap/www.zolnott.de-ldap-key-nopw.pem
Here my log.smbd:
[2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182)
Failed to issue the StartTLS instruction: Can't contact LDAP server
[2003/02/18 01:40:12, 1]...
2008 Apr 01
2
openldap on Centos 5.1 with TLS
Hi, sorry for the stupid question,
but however i am following all howtos and tutorials it is not working
1) i have created CA certificate - /etc/pki/tls/misc/CA -newca
2) i have generated a new request - /etc/pki/tls/misc/CA -newreq
3) i have signed certificate /etc/pki/tls/misc/CA -signreq
SO i have CA in /etc/pki/CA
i have newkey.pem
i have newcert.pem
i have also cealrkey.pem (without
2010 Nov 25
1
can't use godaddy SSL cert
...tation
with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation
I have setup the certificate chain in my slapd.conf like so:
[root at LBSD2:/usr/home/bluethundr]#grep -i tls
/usr/local/etc/openldap/slapd.conf## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.summitnjhome.com.crt
TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem
TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt
I have tried each of the following certs with no luck in getting my
cert to talk to it's CA:
-rw-r-...
2009 Mar 09
3
ldap group authentication refresh
.../etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
database bdb
...
directory /var/lib/ldap
index objectClass eq
index uid eq
index cn eq,pres
index sn eq,pres,sub
index ma...
2004 Jun 11
2
Samba 3.0.3 on FC2: windows machine cannot join domain
...hema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
passwd-hash {SSHA]
pidfile /var/run/slapd.pid
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /var/ssl/cacert.pem
TLSCertificateFile /var/ssl/ldapcrt.pem
TLSCertificateKeyFile /var/ssl/ldapkey.pem
TLSVerifyClient 0
security ssf=1 update_ssf=112 simple_bind=64
access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword
by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write
by self write
by *...
2009 Jul 15
0
idmap problem
...erson.schema
include /etc/ldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel conns stats filter
idletimeout 30
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
sizelimit unlimited
tool-threads 1
TLSCertificateFile /etc/ssl/certs/srv3cert.pem
TLSCertificateKeyFile /etc/ssl/private/srv3key.pem
TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSVerifyClient never
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to...
2009 Feb 18
1
samba can not contact the ldap server
...by * read
access to *
by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# equivalent to TLS_CACERT
TLSCertificateFile /etc/ssl/ldapcert.pem
# selbst-signiertes Zertifikat
# equivalent to TLS_KEY
TLSCertificateKeyFile /etc/ssl/ldapkey.pem
# privater Schluessel
# equivalent to TLS_CERT
TLSCACertificateFile /etc/ssl/demoCA/cacert.pem
# Certificate Authority
# this is equivalent to TLS_REQCERT
#TLSVerifyCli...
2009 Jan 22
0
Samba LDAP PDC not working together
...ou can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client
software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 updat...
2024 Dec 13
1
RODC in DMZ
Der Rowland,
We share that concerns actually and of course if there is a way to avoid
it, it is always better. Another fellow suggested us an LDAP-Proxy
instead (personally have never setup one). What we actually need in our
case scenario, is only that service and not the rest of bells and
whistles of an RODC.
I just was wondering if someone had experience with what happens if one
does