LDAP Linux LDAP TLS
LDAP Шифрование
\ldapmodify -Y EXTERNAL -H ldapi:/// < 01_certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
\ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base
Вывод:
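# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
olcTLSVerifyClient: never
olcTLSCertificateFile: /etc/ldap/ssl/ldap-srv.example.com.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap-srv.example.com.key
olcTLSCACertificateFile: /etc/ssl/certs/rootca.crt

Примечание: olcTLSVerifyClient: never означает, что сервер не запрашивает клиентский сертификат. Файл закрытого ключа (olcTLSCertificateKeyFile) должен быть доступен на чтение только пользователю, от имени которого работает slapd.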
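root@node-3:/etc/ldap# netstat -ntpl | grep slap
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2875/slapd
tcp6 0 0 :::389 :::* LISTEN 2875/slapd

До перезапуска slapd слушает только порт 389. Порт 636 (ldaps) появится лишь в том случае, если в списке слушателей slapd указан ldaps:/// (в Debian/Ubuntu это обычно переменная SLAPD_SERVICES в /etc/default/slapd); этот шаг на странице не показан.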
# /etc/init.d/slapd restart
 * Stopping OpenLDAP slapd [ OK ]
 * Starting OpenLDAP slapd [ OK ]
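# netstat -ntpl | grep slap
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 6294/slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 6294/slapd
tcp6 0 0 :::636 :::* LISTEN 6294/slapd
tcp6 0 0 :::389 :::* LISTEN 6294/slapd

После перезапуска slapd слушает и 636 (ldaps), и 389. Порт 389 по-прежнему принимает незашифрованные соединения: наличие сертификатов само по себе не делает шифрование обязательным. Клиенты должны использовать ldaps:// или StartTLS (проверка: ldapsearch с ключом -ZZ), а на сервере шифрование можно сделать обязательным, например через olcSecurity: tls=1.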