LDAP Шифрование

• http://pro-ldap.ru/books/openldap-ubuntu-in-practice/tls.html

 \ldapmodify  -Y EXTERNAL  -H ldapi:/// < 01_certs.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

\ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base

Вывод:

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
olcTLSVerifyClient: never
olcTLSCertificateFile: /etc/ldap/ssl/ldap-srv.example.com.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap-srv.example.com.key
olcTLSCACertificateFile: /etc/ssl/certs/rootca.crt

root@node-3:/etc/ldap# netstat  -ntpl | grep slap
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2875/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2875/slapd

# /etc/init.d/slapd restart
 * Stopping OpenLDAP slapd                                                                                                                                                                                                                                                                                          [ OK ]
 * Starting OpenLDAP slapd                                                                                                                                                                                                                                                                                          [ OK ]

# netstat  -ntpl | grep slap
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      6294/slapd
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      6294/slapd
tcp6       0      0 :::636                  :::*                    LISTEN      6294/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      6294/slapd