TLS for OpenLDAP: Difference between revisions
| Zeile 10: | Zeile 10: | ||
;Privater Schlüssel | ;Privater Schlüssel | ||
/etc/ssl/private/star.it213.int.key | /etc/ssl/private/star.it213.int.key | ||
| + | =TLS LDIF vorbereiten= | ||
| + | *vi /root/ldap/tls.ldif | ||
| + | <pre> | ||
| + | idn: cn=config | ||
| + | changetype: modify | ||
| + | add: olcTLSCipherSuite | ||
| + | olcTLSCipherSuite: NORMAL | ||
| + | - | ||
| + | add: olcTLSCRLCheck | ||
| + | olcTLSCRLCheck: none | ||
| + | - | ||
| + | add: olcTLSVerifyClient | ||
| + | olcTLSVerifyClient: never | ||
| + | - | ||
| + | add: olcTLSCACertificateFile | ||
| + | olcTLSCACertificateFile: /etc/ssl/certs/ca.crt | ||
| + | - | ||
| + | add: olcTLSCertificateFile | ||
| + | olcTLSCertificateFile: /etc/ssl/certs/star.it213.int.crt | ||
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ssl/private/star.it213.int.key | ||
| + | - | ||
| + | add: olcTLSProtocolMin | ||
| + | olcTLSProtocolMin: 1.2 | ||
| + | |||
| + | </pre> | ||
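Review bot: the first added line of the LDIF, `idn: cn=config`, has to read `dn: cn=config`; ldapmodify rejects a record that does not begin with a dn: line, so as written the whole modification fails before anything is applied. Further down, `olcTLSProtocolMin: 1.2` does not express TLS 1.2: slapd-config takes this value as the record-layer version `<major>.<minor>`, where 3.1 is TLS 1.0, 3.2 is TLS 1.1 and 3.3 is TLS 1.2, so the line should be `olcTLSProtocolMin: 3.3`; with `1.2` no TLS 1.2 minimum is enforced. The rest of the block is fine: certificate and key are added in the same modify operation, which slapd requires because it checks that the two match when the change is applied.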
Revision as of 17 November 2025, 18:01
Enable LDAPS
In the file /etc/default/slapd, extend the following line:
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
This enables ldaps on port 636.
Obtain the certificates and put them in the right places
- Root certificate
/etc/ssl/certs/ca.crt
- Certificate
/etc/ssl/certs/star.it213.int.crt
- Private key
/etc/ssl/private/star.it213.int.key
Prepare the TLS LDIF
- vi /root/ldap/tls.ldif
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ca.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/star.it213.int.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/star.it213.int.key
-
# olcTLSProtocolMin is the record-layer version: 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
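Before feeding tls.ldif to ldapmodify it is worth linting it, because the two mistakes that are easy to make here fail in different ways: a record that does not start with dn: is rejected outright, while a wrongly encoded olcTLSProtocolMin is accepted and silently leaves no TLS 1.2 minimum in place. The following linter is an added example, not code from the wiki page or from the OpenLDAP project. PAGE_LDIF is a constructed copy of the page's original LDIF with the `idn:` and `1.2` values left in; the function names parse_modify_ldif, lint_tls_config and render_tls_ldif are my own, and the key-permission check is a hypothetical extension that only runs when the key path exists on the host doing the linting.

```python
import os
import stat

# Constructed copy of the page's tls.ldif, defects included (idn: typo and
# the 1.2 protocol value), so the linter has something to report.
PAGE_LDIF = """\
idn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ca.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/star.it213.int.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/star.it213.int.key
-
add: olcTLSProtocolMin
olcTLSProtocolMin: 1.2
"""


def parse_modify_ldif(text):
    """Parse one 'changetype: modify' record into (dn, changetype, {attr: [values]})."""
    # '#' comment lines and the '-' separators between add:/replace: blocks are
    # skipped; structural errors that ldapmodify would reject raise ValueError.
    dn = changetype = None
    attrs = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith("#") or line == "-":
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: not an attribute line: {line!r}")
        key, value = (s.strip() for s in line.split(":", 1))
        if dn is None:
            if key != "dn":
                raise ValueError(f"line {lineno}: record must start with 'dn:', got {key!r}")
            dn = value
        elif key == "changetype":
            changetype = value
        elif key in ("add", "replace", "delete"):
            continue  # operation marker; the value follows on the next line
        else:
            attrs.setdefault(key, []).append(value)
    if dn is None:
        raise ValueError("empty record: no dn: line")
    return dn, changetype, attrs


def lint_tls_config(text):
    """Return findings for a cn=config TLS modify record; [] means clean."""
    try:
        dn, changetype, attrs = parse_modify_ldif(text)
    except ValueError as exc:
        return [f"structure: {exc}"]
    findings = []
    if dn.lower() != "cn=config" or changetype != "modify":
        findings.append("record is not a 'changetype: modify' of cn=config")
    # olcTLSProtocolMin takes the record-layer version <major>.<minor>:
    # 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2, 3.4 = TLS 1.3.
    for v in attrs.get("olcTLSProtocolMin", []):
        parts = v.split(".")
        if len(parts) != 2 or not all(p.isdigit() for p in parts):
            findings.append(f"olcTLSProtocolMin {v!r} is not <major>.<minor>")
        elif int(parts[0]) != 3:
            findings.append(f"olcTLSProtocolMin {v!r} is not a record-layer version; TLS 1.2 is 3.3")
        elif int(parts[1]) < 3:
            findings.append(f"olcTLSProtocolMin {v!r} still permits TLS 1.0/1.1")
    # slapd verifies that certificate and key match when the change is applied,
    # so both have to arrive in the same modify operation.
    if ("olcTLSCertificateFile" in attrs) != ("olcTLSCertificateKeyFile" in attrs):
        findings.append("olcTLSCertificateFile and olcTLSCertificateKeyFile must be set together")
    # Hypothetical extra check: a private key on disk must not be world-readable
    # (only evaluated when the path exists on the linting host).
    for path in attrs.get("olcTLSCertificateKeyFile", []):
        if os.path.exists(path) and os.stat(path).st_mode & stat.S_IROTH:
            findings.append(f"{path} is world-readable")
    return findings


def render_tls_ldif(ca_file, cert_file, key_file, protocol_min="3.3"):
    """Emit the page's tls.ldif with a proper dn: line and a TLS 1.2 minimum."""
    blocks = [("olcTLSCipherSuite", "NORMAL"),  # GnuTLS priority string, as on the page
              ("olcTLSCRLCheck", "none"), ("olcTLSVerifyClient", "never"),
              ("olcTLSCACertificateFile", ca_file), ("olcTLSCertificateFile", cert_file),
              ("olcTLSCertificateKeyFile", key_file), ("olcTLSProtocolMin", protocol_min)]
    lines = ["dn: cn=config", "changetype: modify"]
    for i, (attr, value) in enumerate(blocks):
        lines += (["-"] if i else []) + [f"add: {attr}", f"{attr}: {value}"]
    return "\n".join(lines) + "\n"
```

Run `lint_tls_config(PAGE_LDIF)` and it stops at the idn: line; fix that line and it reports the protocol value; `render_tls_ldif(...)` produces a record it passes. Once the file is clean, apply it over the ldapi socket the page enables in SLAPD_SERVICES, `ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/ldap/tls.ldif`, restart slapd, and confirm the result from a client with `ldapsearch -H ldaps://<server> -x -b "" -s base` or `openssl s_client -connect <server>:636`, checking that the negotiated protocol is TLS 1.2 or newer.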