Certificate Generation, LDAP Server Certificate Configuration and TLS Settings
Use the following steps to generate certificates for the server and the client:
Procedure
Step 1: Create a private key for the CA certificate.
Step 2: Generate the CA certificate. On the LDAP server, set the 'Common Name' to the VM's hostname; on the client, any value is fine.
Step 3: Generate a private key for the LDAP server/client certificate.
Step 4: Create a Certificate Signing Request (CSR). On the LDAP server, set the 'Common Name' to the VM's hostname; on the client, any value is fine.
Step 5: Create the LDAP server/client certificate using the CSR, the CA key and the CA certificate.
Step 6: Verify the LDAP server/client certificate against the CA.
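The six steps above, carried out with the openssl command line as an added example (this script is not part of the original guide). It assumes openssl is installed; the CA name "example-ldap-ca", the server hostname "ldap.example.test", the client name "ldap-client" and the output directory are placeholders you replace with your own values. The server certificate also gets a subjectAltName matching the hostname, because current LDAP clients match the hostname against SAN rather than the Common Name.

```shell
#!/bin/sh
# Added example, not from the original guide: build a private CA, then a server
# and a client certificate signed by it (steps 1-6). Assumes openssl is present.
set -eu

# gen_ca DIR -> DIR/ca.key and DIR/ca.crt (steps 1 and 2)
gen_ca() {
  dir="$1"
  mkdir -p "$dir"
  # Step 1: private key for the CA; keep it unreadable by other users
  openssl genrsa -out "$dir/ca.key" 4096 2>/dev/null
  chmod 600 "$dir/ca.key"
  # Step 2: self-signed CA certificate (the CA's Common Name is arbitrary)
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 3650 \
    -subj "/CN=example-ldap-ca" -out "$dir/ca.crt"
}

# gen_leaf DIR NAME CN -> DIR/NAME.key, DIR/NAME.csr, DIR/NAME.crt (steps 3-5)
gen_leaf() {
  dir="$1"; name="$2"; cn="$3"
  # Step 3: private key for the server/client certificate
  openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
  chmod 600 "$dir/$name.key"
  # Step 4: CSR. For the server the CN must be the VM hostname that clients connect to.
  openssl req -new -key "$dir/$name.key" -subj "/CN=$cn" -out "$dir/$name.csr"
  # Step 5: sign the CSR with the CA key and certificate; add a SAN mirroring the CN
  ext=$(mktemp)
  printf 'subjectAltName=DNS:%s\n' "$cn" > "$ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$ext" -out "$dir/$name.crt"
  rm -f "$ext"
}

# verify_leaf DIR NAME -> exit status 0 only if DIR/NAME.crt chains to DIR/ca.crt (step 6)
verify_leaf() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null
}

# Run directly as:  sh gen-ldap-pki.sh run ./ldap-pki
if [ "${1:-}" = "run" ]; then
  out="${2:-./ldap-pki}"
  gen_ca "$out"
  gen_leaf "$out" server "ldap.example.test"   # placeholder hostname
  gen_leaf "$out" client "ldap-client"         # any name is fine for the client
  verify_leaf "$out" server && verify_leaf "$out" client && echo "certificates verified"
fi
```

Step 6 is the check that matters: a certificate that verifies against a different CA, or against nothing, will be rejected by slapd or by the client during the TLS handshake, which shows up as a handshake failure rather than as a clear certificate error.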
Configuring LDAP Server Certificates and TLS settings
Use the following steps to configure the LDAP server certificates and the other TLS settings:
Procedure
Step 1: Copy both the certificate and the key file to /etc/openldap/certs/.
Step 2: Copy the client CA certificate to /etc/openldap/cacerts/.
Step 3: Change the ownership of the /etc/openldap/certs and /etc/openldap/cacerts directories so that the LDAP daemon (slapd) can read them.
Step 4: Create an ldif file with the following content to modify the LDAP server attributes:
Step 5: Start the 'slapd' service with 'systemctl start slapd' (if it is not already running) and apply the new attributes from the 'ldaptls.ldif' file.
Step 6: Validate the new values using slapcat.
Step 7: Restart the slapd service with 'systemctl restart slapd', or stop the slapd service and run 'slapd -d -1' to start the LDAP server in the foreground with debugging enabled.
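Steps 1 to 7 above as one script, added here as an example and not taken from the original guide. It assumes a systemd host running OpenLDAP with the cn=config database, that slapd runs as user and group "ldap" (check the slapd unit file on your distribution), that ldapmodify can reach slapd as root over ldapi:///, and that the files server.crt, server.key and client-ca.crt in the current directory are placeholders for your own. The ldif body is this example's own: it sets the standard olcTLSCACertificateFile, olcTLSCertificateFile and olcTLSCertificateKeyFile attributes using "replace" so that it can be re-applied safely.

```shell
#!/bin/sh
# Added example, not from the original guide: install the TLS material, write
# ldaptls.ldif, apply it and verify it (steps 1-7). Paths and the "ldap" user
# are assumptions for a typical OpenLDAP package.
set -eu

CERT_DIR=/etc/openldap/certs
CACERT_DIR=/etc/openldap/cacerts
LDIF=ldaptls.ldif

# write_tls_ldif OUTFILE CA_PATH CERT_PATH KEY_PATH  (step 4)
# Writes the cn=config change that points slapd at the TLS files.
# "replace" works on first and later runs; "add" fails once the attribute exists.
write_tls_ldif() {
  cat > "$1" <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $2
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $3
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $4
EOF
}

# check_tls_attrs < slapcat-output  (step 6)
# Succeeds only if all three TLS attributes appear in the dumped config;
# otherwise names the first missing one on stderr and returns 1.
check_tls_attrs() {
  cfg=$(cat)
  for attr in olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile; do
    if ! printf '%s\n' "$cfg" | grep -q "^$attr: "; then
      echo "missing $attr" >&2
      return 1
    fi
  done
}

# install_certs  (steps 1-3): copy the files and hand the directories to slapd's user
install_certs() {
  install -d -m 755 "$CERT_DIR" "$CACERT_DIR"
  cp server.crt server.key "$CERT_DIR/"
  cp client-ca.crt "$CACERT_DIR/"
  chown -R ldap:ldap "$CERT_DIR" "$CACERT_DIR"
  chmod 600 "$CERT_DIR/server.key"   # private key readable by slapd only
}

# Run as root:  sh ldap-tls-config.sh run
if [ "${1:-}" = "run" ]; then
  install_certs
  write_tls_ldif "$LDIF" "$CACERT_DIR/client-ca.crt" "$CERT_DIR/server.crt" "$CERT_DIR/server.key"
  # Step 5: make sure slapd is up, then apply over the local socket (SASL EXTERNAL as root)
  systemctl start slapd
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "$LDIF"
  # Step 6: dump the config database (-n 0) and confirm the attributes landed
  slapcat -n 0 | check_tls_attrs
  # Step 7: restart so all listeners pick up the new TLS settings
  systemctl restart slapd
fi
```

If ldapmodify accepts the change but slapd fails to restart, the usual cause is a key file that the ldap user cannot read or that does not match the certificate; running 'slapd -d -1' in the foreground, as step 7 suggests, shows the TLS initialisation error directly.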