2007 Mar 05
...ldap server. But I created a certificate with the following command: cd /usr/share/ssl/certs; make ldap.pem Then I edited the slapd.conf file and inserted the following lines: TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem I restarted the service. Then I ran the command authconfig and selected ldap with tls. I reviewed the ldap server logs and it threw the following: Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP= (IP= Mar 5 11:54:38 eucalipt...
2006 Oct 09
...hows. tcp 0 0* LISTEN tcp 0 0* LISTEN tcp 0 0 ESTABLISHED tcp 0 0 :::389 :::* LISTEN tcp 0 0 :::636 :::* LISTEN in slapd.conf i have TLSCipherSuite HIGH:MEDIUM:+SSLv3 TLSCertificateFile /usr/local/etc/openldap/ssl/server.crt TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.key VerifyClient demand I created the certificate like this: openssl genrsa 2048 -out > server.key openssl req -new -key server.key -out server.csr openssl req -in server.csr -key server.key -x509 -out server.crt openssl s_client -connect localhost:636 -sho...
2008 Apr 15
login ldap pdc
...d modules are stored modulepath /usr/lib/ldap moduleload back_bdb ####################################################################### # SSL: # Uncomment the following lines to enable SSL and use the default # snakeoil certificates. #TLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #TLSCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Path to the LDAP server certificate #TLSCertificateFile /etc/ldap/cert/servercert.pem # Path to the LDAP server private key #TLSCertificateKeyFile /etc/ldap/cert/serverkey.pem # Path to the CA certificate #TLSCACertificateFile...
2004 Jan 09
smbldap-tools problem with Samba 3.0.1/LDAP 2.1.22/Fedora Core 1
...uld generate a proper certificate by changing to # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. #TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt #TLSCertificateFile /usr/share/ssl/certs/slapd.pem #TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem TLSCACertificateFile /usr/share/ssl/certs/cacert.pem TLSCertificateFile /usr/share/ssl/certs/slapdcrt.pem TLSCertificateKeyFile /usr/share/ssl/certs/slapdkey.pem # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES...
2004 Jun 10
And the LDIF thing
Sorry.. One more email.. I tried to create the IDMAP container on the LDAP with an example I found: dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ou: idmap structuralObjectClass: organizationalUnit and it gives: adding new entry "ou=Idmap,dc=softeng,dc=com" ldap_add: Constraint violation additional info: structuralObjectClass: no user modification allowed
2002 May 17
samba + openldap + tls
...t samba tells "Failed to issue the StartTLS instruction: Connect error". Any idea? Do I have to use the "--with-ssl" option? It says no. ############################################## LDAP CONF: -------------------------- ######################## # certificates and keys TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem TLSCertificateFile /opt/openldap/pem/ldapcert.pem TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem ############################################## SMB CONF: -------------------------- # LDAP: ldap server = obiwan ldap port = 389...
2006 Jul 18
Weird startup problems TLS & SSL openldap and samba 3.0.23
..." by self write by * auth access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read by anonymous auth security tls=1 TLSCACertificateFile /etc/openldap/ca.crt TLSCertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap:// host port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=co...
2003 Oct 14
smbldap_search_suffix: certificate verify failed
...RVER_CERTIFICATE:certificate verify failed (Connect error) ldapsam_setsampwent: LDAP search failed: Connect error nss_ldap and pam_ldap both work well using TLS. For your information, here is my configuration concerning TLS in: slapd.conf --> TLSCertificateFile /usr/local/etc/openldap/ldap.cert TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key TLSCACertificateFile /usr/local/etc/openldap/ca.cert ldap.conf --> BASE dc=domain, dc=com URI ldap:// TLS_CACERT /usr/local/etc/openldap/ca.cert smb.conf --> ldap passwd sync = yes passdb backend = ldapsam:ldap:// gue...
2015 Feb 17
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
...e certificate and private key catenated. OpenVPN wants ca certificate chain used for signing.pem cert certificate.pem key privatekey.pem crl-verify crl.pem OpenLDAP appears similar to OpenVPN with (appears not to support CRLs): TLSCACertificatePath TLSCertificateFile TLSCertificateKeyFile Racoon wants (appears not to support CRLs): certificate_type x509 certfile keyfile ca_type x509 ca.pem But the man page doesn't talk about where the chain goes. So it appears one should generate the following file formats to satisfy all the software out there: 1. cert standalone (Op...
2024 Dec 13
RODC in DMZ
>> argsfile /var/run/slapd/slapd.args >> >> TLSDHParamFile /etc/ssl/certs/dhparam.pem >> TLSCACertificateFile /etc/ssl/certs/ca.pem >> # Enable tls by providing the server cert >> TLSCertificateFile /etc/ssl/certs/<HOSTNAME>.crt >> TLSCertificateKeyFile /etc/ssl/private/<HOSTNAME>.key >> >> # loglevel 896 = acl-processing,stat,stat2, this logs queries and >> responses >> # -1 = enable all >> loglevel 896 >> >> modulepath /usr/lib/ldap/ >> moduleload back_ldap >> moduleload bac...
2006 Oct 24
samba pdc with ldap backend setup problems
...ema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema pidfile /var/run/openldap/ argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/hypothalamus.cer TLSCertificateFile /etc/pki/tls/certs/brain-new.cer TLSCertificateKeyFile /etc/pki/tls/private/privkey.pem TLSCRLCheck none database bdb suffix "dc=som,dc=com" rootdn "cn=Manager,dc=som,dc=com" rootpw <password removed> checkpoint 1024 5 directory /var/lib/ldap index objectClass eq index cn...
2003 Feb 18
problems with ldap tls
...ldap port = 636 ldap suffix = o=zolnott,dc=de ldap admin dn = uid=ldaproot,o=zolnott,dc=de ldap filter = (&(uid=%u)(objectclass=sambaAccount)) ldap ssl = start_tls Here my slapd.conf: TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA TLSCertificateFile /etc/openldap/ TLSCertificateKeyFile /etc/openldap/ Here my log.smbd: [2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182) Failed to issue the StartTLS instruction: Can't contact LDAP server [2003/02/18 01:40:12, 1] smbd/password.c:pass_check_smb(545) Couldn't find user ...
2008 Apr 01
openldap on Centos 5.1 with TLS
Hi, sorry for the stupid question, but even though I am following all howtos and tutorials, it is not working. 1) I have created a CA certificate - /etc/pki/tls/misc/CA -newca 2) I have generated a new request - /etc/pki/tls/misc/CA -newreq 3) I have signed the certificate - /etc/pki/tls/misc/CA -signreq So I have the CA in /etc/pki/CA, I have newkey.pem, I have newcert.pem, I also have cealrkey.pem (without
2010 Nov 25
can't use godaddy SSL cert
...mplementation I have setup the certificate chain in my slapd.conf like so: [root at LBSD2:/usr/home/bluethundr]#grep -i tls /usr/local/etc/openldap/slapd.conf## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/ TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt I have tried each of the following certs with no luck in getting my cert to talk to its CA: -rw-r--r-- 1 root bluethundr 2604 Nov 25 11:37 ca_bundle.crt -r--r----- 1 root ldap...
2009 Mar 09
ldap group authentication refresh
.../etc/openldap/schema/qmail.schema include /etc/openldap/schema/samba.schema allow bind_v2 pidfile /var/run/openldap/ argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt TLSCertificateFile /etc/pki/tls/certs/slapd.pem TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem database bdb ... directory /var/lib/ldap index objectClass eq index uid eq index cn eq,pres index sn eq,pres,sub index mail eq,pres index mailAlternateA...
2004 Jun 11
Samba 3.0.3 on FC2: windows machine cannot join domain
...a/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 passwd-hash {SSHA] pidfile /var/run/ TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /var/ssl/cacert.pem TLSCertificateFile /var/ssl/ldapcrt.pem TLSCertificateKeyFile /var/ssl/ldapkey.pem TLSVerifyClient 0 security ssf=1 update_ssf=112 simple_bind=64 access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write by self write by * auth access to dn=".*,dc=soil,dc=ncsu,...
2009 Jul 15
idmap problem
...mba3.schema pidfile /var/run/slapd/ argsfile /var/run/slapd/slapd.args loglevel conns stats filter idletimeout 30 modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov sizelimit unlimited tool-threads 1 TLSCertificateFile /etc/ssl/certs/srv3cert.pem TLSCertificateKeyFile /etc/ssl/private/srv3key.pem TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSVerifyClient never ####################################################################### # Specific Backend Directives for hdb: # Backend specific directives apply to this backend until another # 'backend' dir...
2009 Feb 18
samba can not contact the ldap server
...allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! # equivalent to TLS_CACERT TLSCertificateFile /etc/ssl/ldapcert.pem # self-signed certificate # equivalent to TLS_KEY TLSCertificateKeyFile /etc/ssl/ldapkey.pem # private key # equivalent to TLS_CERT TLSCACertificateFile /etc/ssl/demoCA/cacert.pem # Certificate Authority # this is equivalent to TLS_REQCERT #TLSVerifyClient allow #TLSVerifyClient try #TLSVerifyClient demand # procedure TLSCipherS...
2009 Jan 22
Samba LDAP PDC not working together
...s, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. Your client software # may balk at self-signed certificates, however. # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt # TLSCertificateFile /etc/pki/tls/certs/slapd.pem # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control poli...
2024 Dec 13
Dear Rowland, We actually share those concerns, and of course if there is a way to avoid it, it is always better. Another fellow suggested an LDAP proxy to us instead (personally I have never set one up). What we actually need in our scenario is only that service and not the rest of the bells and whistles of an RODC. I was just wondering if someone had experience with what happens if one does