Displaying 20 results from an estimated 46 matches for "tlscertificatekeyfil".

2007 Mar 05
1
LDAP + SSL
...ldap server. But I created a certificate with the following command: cd /usr/share/ssl/certs; make ldap.pem Then edit slapd.conf file and insert the following lines: TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem I restart the service. Then, I run the command authconfig and I select ldap with tls. I review the logs ldap server a thrown the following: Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP= 172.16.12.160:33935 (IP=0.0.0.0:389) Mar 5 11:54:38 eucalip...
2006 Oct 09
1
SAMBA + LDAP + TLS
...hows. tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:389 127.0.0.1:1873 ESTABLISHED tcp 0 0 :::389 :::* LISTEN tcp 0 0 :::636 :::* LISTEN in slapd.conf i have TLSCipherSuite HIGH:MEDIUM:+SSLv3 TLSCertificateFile /usr/local/etc/openldap/ssl/server.crt TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.key VerifyClient demand I created the certificate like this: openssl genrsa 2048 -out > server.key openssl req -new -key server.key -out server.csr openssl req -in server.csr -key server.key -x509 -out server.crt openssl s_client -connect localhost:636 -sh...
2008 Apr 15
0
login ldap pdc
...d modules are stored modulepath /usr/lib/ldap moduleload back_bdb ####################################################################### # SSL: # Uncomment the following lines to enable SSL and use the default # snakeoil certificates. #TLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #TLSCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Path to the LDAP server certificate #TLSCertificateFile /etc/ldap/cert/servercert.pem # Path to the LDAP server private key #TLSCertificateKeyFile /etc/ldap/cert/serverkey.pem # Path to the CA certificate #TLSCACertificateFile...
2004 Jan 09
1
smbldap-tools problem with Samba 3.0.1/LDAP 2.1.22/Fedora Core 1
...uld generate a proper certificate by changing to # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. #TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt #TLSCertificateFile /usr/share/ssl/certs/slapd.pem #TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem TLSCACertificateFile /usr/share/ssl/certs/cacert.pem TLSCertificateFile /usr/share/ssl/certs/slapdcrt.pem TLSCertificateKeyFile /usr/share/ssl/certs/slapdkey.pem # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DE...
2004 Jun 10
4
And the LDIF thing
Sorry.. One more email.. I tried to create the IDMAP container on the LDAP with an example I found: dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ou: idmap structuralObjectClass: organizationalUnit and it gives: adding new entry "ou=Idmap,dc=softeng,dc=com" ldap_add: Constraint violation additional info: structuralObjectClass: no user modification allowed
2002 May 17
3
samba + openldap + tls
...t samba tells "Failed to issue the StartTLS instruction: Connect error". Any idea??? Have I to use the "--with-ssl" option? It's said no. ############################################## LDAP CONF: -------------------------- ######################## # certificates and keys TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem TLSCertificateFile /opt/openldap/pem/ldapcert.pem TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem ############################################## SMB CONF: -------------------------- # LDAP: ldap server = obiwan ldap port = 389...
2006 Jul 18
1
Weird startup problems TLS & SSL openldap and samba 3.0.23
..." by self write by * auth access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read by anonymous auth security tls=1 TLSCACertificateFile /etc/openldap/ca.crt TLSCertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=c...
2003 Oct 14
1
smbldap_search_suffix: certificate verify failed
...RVER_CERTIFICATE:certificate verify failed (Connect error) ldapsam_setsampwent: LDAP search failed: Connect error nss_ldap and pam_ldap both work well using TLS. For your information, here is my configuration concerning TLS in: slapd.conf --> TLSCertificateFile /usr/local/etc/openldap/ldap.cert TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key TLSCACertificateFile /usr/local/etc/openldap/ca.cert ldap.conf --> BASE dc=domain, dc=com URI ldap://server.domain.com TLS_CACERT /usr/local/etc/openldap/ca.cert smb.conf --> ldap passwd sync = yes passdb backend = ldapsam:ldap://server.domain.com gu...
2015 Feb 17
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
...e certificate and private key catenated. OpenVPN wants ca certificate chain used for signing.pem cert certificate.pem key privatekey.pem crl-verify crl.pem OpenLDAP appears similar to OpenVPN with (appears not to support CRLs): TLSCACertificatePath TLSCertificateFile TLSCertificateKeyFile Racoon wants (appears not to support CRLs): certificate_type x509 certfile keyfile ca_type x509 ca.pem But the man page doesn't talk about where the chain goes. So it appears one should generate the following file formats to satisfy all the software out there: 1. cert standalone (O...
2006 Oct 24
1
samba pdc with ldap backend setup problems
...ema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/hypothalamus.cer TLSCertificateFile /etc/pki/tls/certs/brain-new.cer TLSCertificateKeyFile /etc/pki/tls/private/privkey.pem TLSCRLCheck none database bdb suffix "dc=som,dc=com" rootdn "cn=Manager,dc=som,dc=com" rootpw <password removed> checkpoint 1024 5 directory /var/lib/ldap index objectClass eq index cn...
2003 Feb 18
1
problems with ldap tls
...ldap port = 636 ldap suffix = o=zolnott,dc=de ldap admin dn = uid=ldaproot,o=zolnott,dc=de ldap filter = (&(uid=%u)(objectclass=sambaAccount)) ldap ssl = start_tls Here my slapd.conf: TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA TLSCertificateFile /etc/openldap/www.zolnott.de-ldap-crt.pem TLSCertificateKeyFile /etc/openldap/www.zolnott.de-ldap-key-nopw.pem Here my log.smbd: [2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182) Failed to issue the StartTLS instruction: Can't contact LDAP server [2003/02/18 01:40:12, 1] smbd/password.c:pass_check_smb(545) Couldn't find user &...
2008 Apr 01
2
openldap on Centos 5.1 with TLS
Hi, sorry for the stupid question, but however i am following all howtos and tutorials it is not working 1) i have created CA certificate - /etc/pki/tls/misc/CA -newca 2) i have generated a new request - /etc/pki/tls/misc/CA -newreq 3) i have signed certificate /etc/pki/tls/misc/CA -signreq SO i have CA in /etc/pki/CA i have newkey.pem i have newcert.pem i have also cealrkey.pem (without
2010 Nov 25
1
can't use godaddy SSL cert
...mplementation I have setup the certificate chain in my slapd.conf like so: [root at LBSD2:/usr/home/bluethundr]#grep -i tls /usr/local/etc/openldap/slapd.conf## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.summitnjhome.com.crt TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt I have tried each of the following certs with no luck in getting my cert to talk to it's CA: -rw-r--r-- 1 root bluethundr 2604 Nov 25 11:37 ca_bundle.crt -r--r----- 1 root ldap...
2009 Mar 09
3
ldap group authentication refresh
.../etc/openldap/schema/qmail.schema include /etc/openldap/schema/samba.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt TLSCertificateFile /etc/pki/tls/certs/slapd.pem TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem database bdb ... directory /var/lib/ldap index objectClass eq index uid eq index cn eq,pres index sn eq,pres,sub index mail eq,pres index mailAlternate...
2004 Jun 11
2
Samba 3.0.3 on FC2: windows machine cannot join domain
...a/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 passwd-hash {SSHA] pidfile /var/run/slapd.pid TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /var/ssl/cacert.pem TLSCertificateFile /var/ssl/ldapcrt.pem TLSCertificateKeyFile /var/ssl/ldapkey.pem TLSVerifyClient 0 security ssf=1 update_ssf=112 simple_bind=64 access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write by self write by * auth access to dn=".*,dc=soil,dc=ncsu...
2009 Jul 15
0
idmap problem
...mba3.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel conns stats filter idletimeout 30 modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov sizelimit unlimited tool-threads 1 TLSCertificateFile /etc/ssl/certs/srv3cert.pem TLSCertificateKeyFile /etc/ssl/private/srv3key.pem TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSVerifyClient never ####################################################################### # Specific Backend Directives for hdb: # Backend specific directives apply to this backend until another # 'backend' di...
2009 Feb 18
1
samba can not contact the ldap server
...allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! # equivalent to TLS_CACERT TLSCertificateFile /etc/ssl/ldapcert.pem # self-signed certificate # equivalent to TLS_KEY TLSCertificateKeyFile /etc/ssl/ldapkey.pem # private key # equivalent to TLS_CERT TLSCACertificateFile /etc/ssl/demoCA/cacert.pem # Certificate Authority # this is equivalent to TLS_REQCERT #TLSVerifyClient allow #TLSVerifyClient try #TLSVerifyClient demand #Procedure TLSCipher...
2009 Jan 22
0
Samba LDAP PDC not working together
...s, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. Your client software # may balk at self-signed certificates, however. # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt # TLSCertificateFile /etc/pki/tls/certs/slapd.pem # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control pol...
2003 Jun 18
0
LDAP & Samba 3.0b1 & Password Sync Problem
...include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema loglevel 296 pidfile /var/state/openldap/slapd.pid argsfile /var/state/openldap/slapd.args TLSCipherSuite HIGH TLSCertificateFile /etc/openldap/certs/slapd-cert.pem TLSCertificateKeyFile /etc/openldap/certs/slapd-key.pem password-hash {MD5} access to attrs=userPassword by self write by * auth access to attrs=sambaLMPassword,sambaNTPassword by dn="uid=administrator, ou=System, ou=People, dc=xxx,dc=xxx,dc=xxx" write by...
2004 Sep 23
1
Re: Samba 3.0.3 on FC2: windows machine cannot join domain
...a/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 passwd-hash {SSHA] pidfile /var/run/slapd.pid TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /var/ssl/cacert.pem TLSCertificateFile /var/ssl/ldapcrt.pem TLSCertificateKeyFile /var/ssl/ldapkey.pem TLSVerifyClient 0 security ssf=1 update_ssf=112 simple_bind=64 access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write by self write by * auth access to dn=".*,dc=soil,dc=ncsu...