#1

    OpenLDAP over SSL (OpenSSL) on Windows

    After some trouble I have managed to get an OpenLDAP application running. I have it running on the Windows platform and I plan to implement a Java application which can access and manipulate some variables in the AD.
    But this needs to run over SSL. Since I'm running OpenLDAP, I thought it would be best to run it with OpenSSL.
    On both sides I have an LDAPSoft browser running, which I have found to be the easiest one to manage certificates with.
    I have tried to find out how to generate the needed certificates and where to place them to get LDAP over SSL running. Further, I have found out that the following SSL attributes need to be inserted:

    TLSCACertificateFile C:/ssl/certs/cacert.pem
    TLSCertificateFile C:/ssl/certs/servercert.pem
    TLSCertificateKeyFile C:/ssl/certs/servercert.pem
    TLSVerifyClient never


    into the slapd.conf file of the server to get it running, but I'm still not sure if I'm doing the right thing, since I can't connect to the server over SSL.
    I'm hoping some of you guys have some suggestions on how to do this.

    Thank you in advance
#2
    A little correction to the last post: the server key is placed in:

    TLSCertificateKeyFile C:/ssl/keys/serverkey.pem

    But it surprises me that no one has responded, although a few days have passed since I posted this.
    I could add that I have found and followed the manual: Creating self-signed certificate using OpenSSL - dylanbeattie.net/docs/openssl_iis_ssl_howto.html but I can't get it to work. The request file I have generated using the Java SDK keytool instead of the IIS way referred to in that manual, and I have given the filenames the ending .pem instead of .cer.
    Furthermore, I have read in the OpenLDAP documentation that the server CN must contain the server's fully qualified domain name, which in my case is a local domain name and not a www address. Is this possible?

    Thanx in advance
#3
    I solved my problem by starting the LDAP server with the following syntax:

    slapd -h "ldap:/// ldaps:///"

    Earlier I was starting it with:

    slapd -d 1

    With netstat I found out that the latter didn't listen on the SSL port 636.
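    Post #3's fix (a separate ldaps:// listener, confirmed with netstat) together with the slapd.conf directives from posts #1 and #2, as an added Python check that is not from this thread: the config fragment and netstat lines are constructed, and the function names are my own.

```python
# Constructed slapd.conf fragment, mirroring the TLS directives quoted in posts #1 and #2.
SLAPD_CONF = """\
TLSCACertificateFile C:/ssl/certs/cacert.pem
TLSCertificateFile C:/ssl/certs/servercert.pem
TLSCertificateKeyFile C:/ssl/keys/serverkey.pem
TLSVerifyClient never
"""
# Constructed Windows 'netstat -an' output: first after slapd -h "ldap:/// ldaps:///",
# then after plain 'slapd -d 1' (only 389 bound; the 6360 line is a client socket, not a listener).
NETSTAT_WITH_LDAPS = """\
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
"""
NETSTAT_WITHOUT_LDAPS = """\
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:6360      192.168.1.20:52000     ESTABLISHED
"""

def parse_tls_directives(conf):
    """Return the TLS* directives of a slapd.conf as {directive: value}; comments and blanks are skipped."""
    directives = {}
    for raw in conf.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and parts[0].startswith("TLS"):
            directives[parts[0]] = parts[1].strip()
    return directives

def listens_on_ldaps(slapd_urls):
    """slapd_urls is the argument given to slapd -h; True if it requests an ldaps:// listener."""
    return any(url.lower().startswith("ldaps://") for url in slapd_urls.split())

def port_is_listening(netstat_output, port=636):
    """True if some TCP socket bound to `port` is in LISTENING state (IPv4 or [::] form)."""
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[1].endswith(f":{port}") and parts[-1] == "LISTENING":
            return True
    return False

def audit(conf, slapd_urls, netstat_output):
    """Run the checks this thread needed; an empty list means ldaps should be reachable on 636."""
    findings = []
    tls = parse_tls_directives(conf)
    for name in ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile"):
        if name not in tls:
            findings.append(f"{name} missing from slapd.conf")
    if not listens_on_ldaps(slapd_urls):
        findings.append("slapd -h does not include ldaps:///, so port 636 is never bound")
    if not port_is_listening(netstat_output):
        findings.append("no LISTENING socket on TCP 636")
    return findings
```

    Feed it the real slapd.conf text, the exact -h string used to start slapd, and the output of netstat -an to see which of the three conditions is still unmet.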
#4
    Originally Posted by gocin:
        I solved my problem by starting the LDAP server with the following syntax:

        slapd -h "ldap:/// ldaps:///"

        Earlier I was starting it with:

        slapd -d 1

        With netstat I found out that the latter didn't listen on the SSL port 636.

    Hi,

    this is Sundar.

    For the last two days I have been trying to configure the SSL port in OpenLDAP. I am not able to configure it. I have created a certificate using OpenSSL and placed that certificate in OpenLDAP. I have changed the slapd config also, and
    I tried slapd -h "ldap:/// ldaps:///"
    I don't know why I am not able to connect to my OpenLDAP on the SSL port.

    Please help me.
#5
    Originally Posted by sundarapandian:
        Hi,

        this is Sundar.

        For the last two days I have been trying to configure the SSL port in OpenLDAP. I am not able to configure it. I have created a certificate using OpenSSL and placed that certificate in OpenLDAP. I have changed the slapd config also, and
        I tried slapd -h "ldap:/// ldaps:///"
        I don't know why I am not able to connect to my OpenLDAP on the SSL port.

        Please help me.

    If you have any configuration material for OpenSSL and OpenLDAP, please send it to me.



    Thanks in advance
#6
    Originally Posted by gocin:
        ...
        I could add that I have found and followed the manual: Creating self-signed certificate using OpenSSL - dylanbeattie.net/docs/openssl_iis_ssl_howto.html but I can't get it to work. ...

    You can check this doc I wrote (pdf), which details how I generated my own certificates with OpenSSL on Windows.
    Hope this helps.
