
OpenLDAP SSL



This section enables LDAPS on slapd for use in this tutorial. More general information is on the project website: Enabling TLS on slapd.

Steps to Enable

  1. Gather the server-side crypto artifacts created during Managing PKI Keys for OpenLDAP ssl: the CA certificate, the server certificate and the server's private key (ca-cert.pem, server-cert.pem and server-key.pem in the config below).

  2. Update openldap's config (slapd.conf, or the matching olcTLS* attributes of cn=config when using dynamic config) to point to these files. They must be readable by the slapd process at runtime, and the private key should be readable by nobody else:

    ### SSL Configuration
    TLSCACertificateFile /path/to/ca-cert.pem
    TLSCertificateFile /path/to/server-cert.pem
    TLSCertificateKeyFile /path/to/server-key.pem

    Note: If openldap was set up using the apache fortress openldap quickstart, README-QUICKSTART-SLAPD.md, these settings are applied automatically.

  3. Modify the slapd startup script so that slapd also listens on the LDAPS port (default 636). The listener URLs are passed with slapd's -h option; e.g. here's how to listen for both LDAP and LDAPS on all interfaces:

    -h "ldap:/// ldaps:///"

    A URL without a host, such as ldap:///, binds that listener to every interface. If only local clients need cleartext LDAP, bind it to the loopback instead (ldap://localhost:389), as the ps output in step 5 shows.


  4. Restart the slapd process.

  5. Check the status of the server process. From the system command prompt:
                

    [student@FTDEMO01]$ ps -ef | grep slapd
    root 00:00:09 /opt/symas/lib64/slapd -u root -g root ... -h ldap://localhost:389 ldaps://fortressdemo2.com:636

    Verify that slapd restarted successfully and that the -h argument now includes an ldaps:// listener on port 636.
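The following shell helpers tie steps 2 through 5 together. They are an added example, not code from the Apache Fortress tutorial or the OpenLDAP project: one function emits the slapd.conf TLS stanza, one checks that slapd can read the PEM files and that the private key is not group/world readable, and the rest parse a slapd command line (as shown by ps) to confirm an ldaps:// listener is present and that any cleartext ldap:// listener is bound to the loopback only. The sample command line, paths and hostname are constructed placeholders modelled on the ps output above; verify_ldaps needs a running server and the OpenLDAP client tools and is defined but not invoked.

```sh
#!/bin/sh
# Added example: helper checks for the LDAPS enablement steps above.
# Not code from the Apache Fortress tutorial or the OpenLDAP project.
# All paths, hostnames and the sample "ps" line are constructed placeholders.

# Step 2: emit the slapd.conf TLS stanza for the three PEM files.
# (cn=config takes the same values on olcTLSCACertificateFile,
#  olcTLSCertificateFile and olcTLSCertificateKeyFile.)
tls_stanza() {
    printf '### SSL Configuration\nTLSCACertificateFile %s\nTLSCertificateFile %s\nTLSCertificateKeyFile %s\n' \
        "$1" "$2" "$3"
}

# Step 2 caveat: the files must be readable by slapd, and the private key must
# not be readable by group or others. Prints one line per problem; returns 0
# only when every check passes. Run it as the user slapd runs as.
check_tls_files() {
    rc=0
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    if [ -e "$3" ]; then
        # characters 5-10 of "ls -l" are the group and other permission bits
        perms=$(ls -l "$3" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "private key $3 is group/world accessible ($perms)"; rc=1; }
    fi
    return $rc
}

# Steps 3/5: print the listener URLs given to slapd's -h option, one per line.
# Takes the slapd command line (as shown by "ps -ef") as a single string; the
# quotes around the -h value are not visible in ps output, so plain
# word-splitting recovers the URL list.
slapd_listeners() {
    set -f              # no globbing while the command line is word-split
    set -- $1
    set +f
    inh=0
    for tok; do
        case "$tok" in
            -h) inh=1; continue ;;
            -*) inh=0 ;;
        esac
        [ "$inh" -eq 1 ] && printf '%s\n' "$tok"
    done
    return 0
}

# Step 5: returns 0 if at least one listener uses the ldaps:// scheme.
has_ldaps_listener() {
    slapd_listeners "$1" | grep -q '^ldaps://'
}

# Security check: a cleartext ldap:// listener bound to anything other than the
# loopback address (including the host-less "ldap:///", which means every
# interface) exposes simple binds on the network. Prints each such URL and
# returns 1; returns 0 when there are none.
cleartext_exposed() {
    slapd_listeners "$1" | awk '
        /^ldap:\/\// {
            host = $0
            sub(/^ldap:\/\//, "", host)     # drop the scheme
            sub(/:[0-9]*\/?$/, "", host)    # drop :port and a trailing slash
            sub(/\/$/, "", host)
            if (host != "localhost" && host != "127.0.0.1" && host != "[::1]") {
                print $0; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Live check for step 5 (not run here): anonymous root-DSE read over LDAPS,
# trusting only the tutorial CA. The hostname must match the server cert.
verify_ldaps() {
    LDAPTLS_CACERT="$1" ldapsearch -H "ldaps://$2:636" -x -b '' -s base -LLL namingContexts
}

# Constructed sample, modelled on the ps output in step 5.
SAMPLE='/opt/symas/lib64/slapd -u root -g root -h ldap://localhost:389 ldaps://fortressdemo2.com:636'
echo "listeners:"; slapd_listeners "$SAMPLE"
if has_ldaps_listener "$SAMPLE"; then echo "LDAPS listener present"; fi
if cleartext_exposed "$SAMPLE"; then echo "cleartext LDAP restricted to loopback"; fi
```

Note that the ps output above shows slapd started with -u root -g root; if slapd runs as a dedicated user instead, run check_tls_files as that user so the readability test reflects what the daemon will actually see.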

This is free and unencumbered software released into the public domain.