Configure and enable TLS for OpenLDAP

From Xinux Wiki
Current version as of 3 October 2022, 12:32

Shell Command

  • useradd letsencrypt
  • chown openldap:letsencrypt /etc/letsencrypt/ -R
  • usermod -a -G letsencrypt openldap

Make sure the following parameters are set:

File: /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
Create a new file with the following contents:
File: /root/add_ssl.ldif
# olcTLSCipherSuite takes a GnuTLS priority string (Debian builds slapd against GnuTLS)
# olcTLSProtocolMin uses SSL-style numbering: 3.3 = TLS 1.2, 3.1 = TLS 1.0
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/letsencrypt/live/<your-domain>/fullchain.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/letsencrypt/live/<your-domain>/cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/letsencrypt/live/<your-domain>/privkey.pem
-
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3

Apply the changes to your OpenLDAP with the following command:

Shell Command

  • cd ~
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f add_ssl.ldif

Finally, verify that the new attributes were written to the generated configuration; the command below should show output like the following:

Shell Command

  • cat /etc/ldap/slapd.d/cn\=config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 XXXXXX
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
creatorsName: cn=config
createTimestamp: XXXXXXXXXXXXXXXXXXXXX
olcTLSCipherSuite: NORMAL
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSCACertificateFile: /etc/letsencrypt/live/<your-domain>/fullchain.pem
olcTLSCertificateFile: /etc/letsencrypt/live/<your-domain>/cert.pem
olcTLSCertificateKeyFile: /etc/letsencrypt/live/<your-domain>/privkey.pem
olcTLSProtocolMin: 3.3
entryCSN: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: XXXXXXXXXXXXXXXX

If you ever need to change the paths of your certificates, use the following LDIF

(it is the same file as above, with every add: line replaced by replace:)
File: /root/add_ssl.ldif
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
replace: olcTLSCRLCheck
olcTLSCRLCheck: none
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: never
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/letsencrypt/live/<your-domain>/fullchain.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/letsencrypt/live/<your-domain>/cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/letsencrypt/live/<your-domain>/privkey.pem
-
replace: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
Now restart OpenLDAP and Apache2:

Shell Command

  • service slapd restart
  • service apache2 restart
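Before restarting, it is worth checking that the dump of cn=config.ldif really carries the intended TLS settings. The following Python check is an added example and not code from the original wiki page: it parses the output of `cat /etc/ldap/slapd.d/cn\=config.ldif` (a constructed sample for the hypothetical domain ldap.example.org is embedded) and flags a protocol minimum below 3.3 (TLS 1.2), a missing certificate path, or a leftover <your-domain> placeholder.

```python
# Added example (not from the wiki page): audit the olcTLS* attributes in a
# cn=config.ldif dump. SAMPLE is a constructed dump for the hypothetical domain ldap.example.org.
import re

MIN_PROTOCOL = (3, 3)  # olcTLSProtocolMin is SSL-style numbered: 3.3 == TLS 1.2
REQUIRED_FILES = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")

SAMPLE = """dn: cn=config
olcTLSCipherSuite: NORMAL
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSCACertificateFile: /etc/letsencrypt/live/ldap.example.org/fullchain.pem
olcTLSCertificateFile: /etc/letsencrypt/live/ldap.example.org/cert.pem
olcTLSCertificateKeyFile: /etc/letsencrypt/live/ldap.example.org/privkey.pem
olcTLSProtocolMin: 3.3
"""

def parse_ldif_attrs(ldif_text):
    """Map attribute -> value for a one-entry dump: joins LDIF continuation
    lines (leading space), skips '#' comments, last value wins."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    attrs = {}
    for line in logical:
        m = re.match(r"^([A-Za-z][\w;-]*):\s*(.*)$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def audit_tls(ldif_text):
    """Return a list of findings; empty means the dump matches the target settings."""
    attrs = parse_ldif_attrs(ldif_text)
    findings = []
    proto = attrs.get("olcTLSProtocolMin")
    if proto is None:
        findings.append("olcTLSProtocolMin missing: TLS 1.0/1.1 would be accepted")
    elif tuple(int(x) for x in proto.split(".")) < MIN_PROTOCOL:
        findings.append(f"olcTLSProtocolMin {proto} is below 3.3 (TLS 1.2)")
    for name in REQUIRED_FILES:
        value = attrs.get(name, "")
        if not value:
            findings.append(f"{name} not set")
        elif "<your-domain>" in value:
            findings.append(f"{name} still contains the <your-domain> placeholder")
    return findings
```

Run it as `audit_tls(open("/etc/ldap/slapd.d/cn=config.ldif").read())` on the server; an empty list means the settings from the LDIF above are in place.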

Source

  • https://web.archive.org/web/20161023210915/http://www.dahlem.uk:80/display/deb/Configure+and+enable+TLS+for+OpenLDAP