
CentOS 5 LDAP over TLS

ServerWorld 2016.05.31 21:45

LDAP over TLS


Configure LDAP over TLS so that traffic between the LDAP server and its clients (including bind credentials) is encrypted on the wire.



1. Create an SSL certificate first (see the SSL certificate page on this blog).


2. Configure LDAP Server.


[root@centos5 ~]# cp /etc/pki/tls/certs/server.* /etc/openldap/cacerts/ 


[root@centos5 ~]# chown ldap. /etc/openldap/cacerts/* 


[root@centos5 ~]# vi /etc/openldap/slapd.conf

include /etc/openldap/schema/core.schema

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema


# line 10: add the following

TLSCertificateFile      /etc/openldap/cacerts/server.crt

TLSCertificateKeyFile   /etc/openldap/cacerts/server.key


[root@centos5 ~]# /etc/rc.d/init.d/ldap restart 

Stopping slapd: [ OK ]

Checking configuration files for slapd: /etc/openldap/slapd.conf: line 119: rootdn is always granted unlimited privileges.

/etc/openldap/slapd.conf: line 124: rootdn is always granted unlimited privileges.

config file testing succeeded

[ OK ]

Starting slapd: [ OK ]




3. Configure the LDAP Client.


[root@www ~]# vi /etc/openldap/ldap.conf

# add the following to the end
# 'allow' lets the session proceed even if the server certificate cannot be verified;
# once the CA certificate is available to the client, 'demand' is the verifying setting

TLS_REQCERT allow


[root@www ~]# vi /etc/ldap.conf

# near the end line

uri ldap://centos5.srv.world/

ssl start_tls   # change

tls_cacertdir /etc/openldap/cacerts

pam_password md5




4. Configuration is complete. The connection is now encrypted, as the captures below show.


# for a normal (unencrypted) connection, the bind DN and password are readable in the dump (shown highlighted in the original)

[root@centos5 ~]# tcpdump port ldap -i eth0 -X -s 1024

16:39:34.551462 IP 192.168.0.50.50530 > dir.srv.world.ldap: P 137:237(100) ack 349 win 108 <nop,nop,timestamp 4294901699 1759750>

0x0000: 4500 0098 a57d 4000 4006 1342 c0a8 0032 E....}@.@..B...2

0x0010: c0a8 001e c562 0185 7f88 5b3e 311f 4816 .....b....[>1.H.

0x0020: 8018 006c 0650 0000 0101 080a fffe ffc3 ...l.P..........

0x0030: 001a da06 3062 0201 0360 3e02 0103 042a ....0b...`>....*

0x0040: 7569 643d 736c 6573 2c6f 753d 5065 6f70 uid=sles,ou=Peop

0x0050: 6c65 2c64 633d 7365 7276 6572 2d77 6f72 le,dc=srv

0x0060: 6c64 2c64 633d 696e 666f 800d 6869 726f ux,dc=world..pass

0x0070: 6b75 6e74 616e 6664 37a0 1d30 1b04 1931 wordcent..0...1.

0x0080: 2e33 2e36 2e31 2e34 2e31 2e34 322e 322e 3.6.1.4.1.42.2.2

0x0090: 3237 2e38 2e35 2e31 7.8.5.1


# for the encrypted connection, only TLS records are visible and the password is not shown

[root@centos5 ~]# tcpdump port ldap -i eth0 -X -s 1024

16:43:41.240075 IP 192.168.0.50.37173 > dir.srv.world.ldap: P 902:976(74) ack 1656 win 143 <nop,nop,timestamp 4294900145 1821416>

0x0000: 4500 007e d2d4 4000 4006 e604 c0a8 0032 E..~..@.@......2

0x0010: c0a8 001e 9135 0185 6994 2ee0 17a9 5c4c .....5..i.....\L

0x0020: 8018 008f 613e 0000 0101 080a fffe f9b1 ....a>..........

0x0030: 001b cae8 1703 0100 2067 f3c9 a959 5eb8 .........g...Y^.

0x0040: 828a 80c4 a6d0 1d49 ccf7 ebcb 3a0e 0468 .......I....:..h

0x0050: a4d6 3756 1639 dcc2 bf17 0301 0020 bb89 ..7V.9..........

0x0060: 34ab 231f 0457 513c 3901 5950 b95e 8287 4.#..WQ<9.YP.^..

0x0070: 7c77 74c5 7391 9c8a cdb0 0523 9f8d |wt.s......#..
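To make the difference between the two captures checkable rather than eyeballed, here is an added Python example (not part of the original post) that reassembles the hex columns of a tcpdump -X dump, skips the IP and TCP headers, and reports whether the payload is a TLS record or a cleartext LDAP BindRequest whose bind DN is readable. The embedded dumps are copied from the hex columns above; the DN is decoded from those bytes, and the password is only counted, never printed.

```python
# Constructed input: hex columns of the two 'tcpdump -X' captures from step 4 (ASCII column dropped).
CLEARTEXT_DUMP = """0x0000: 4500 0098 a57d 4000 4006 1342 c0a8 0032
0x0010: c0a8 001e c562 0185 7f88 5b3e 311f 4816
0x0020: 8018 006c 0650 0000 0101 080a fffe ffc3
0x0030: 001a da06 3062 0201 0360 3e02 0103 042a
0x0040: 7569 643d 736c 6573 2c6f 753d 5065 6f70
0x0050: 6c65 2c64 633d 7365 7276 6572 2d77 6f72
0x0060: 6c64 2c64 633d 696e 666f 800d 6869 726f"""
TLS_DUMP = """0x0000: 4500 007e d2d4 4000 4006 e604 c0a8 0032
0x0010: c0a8 001e 9135 0185 6994 2ee0 17a9 5c4c
0x0020: 8018 008f 613e 0000 0101 080a fffe f9b1
0x0030: 001b cae8 1703 0100 2067 f3c9 a959 5eb8"""

def dump_to_bytes(dump):
    """Rebuild raw packet bytes from tcpdump -X hex columns (an ASCII column, if present, is skipped)."""
    pairs = []
    for line in dump.splitlines():
        for tok in line.split()[1:]:                     # token 0 is the 0x.... offset
            if len(tok) not in (2, 4) or not all(c in "0123456789abcdef" for c in tok):
                break                                    # reached the ASCII column
            pairs.append(tok)
    return bytes.fromhex("".join(pairs))

def tcp_payload(pkt):
    """Skip the IPv4 header (IHL) and the TCP header including options (data offset)."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]

def ber_len(buf, i):
    """Decode the BER length at buf[i]; return (length, offset of the first content byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(payload):
    """TLS record (types 20-23, version 3.x) vs. cleartext LDAP; decodes a BindRequest's DN."""
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03:
        return {"kind": "tls", "record_type": payload[0]}
    if payload[:1] != b"\x30": return {"kind": "unknown"}   # LDAPMessage ::= SEQUENCE
    _, i = ber_len(payload, 1)
    n, i = ber_len(payload, i + 1); i += n               # messageID INTEGER
    if payload[i] != 0x60:                               # BindRequest is [APPLICATION 0]
        return {"kind": "ldap-cleartext", "op": payload[i]}
    _, i = ber_len(payload, i + 1)
    n, i = ber_len(payload, i + 1); i += n               # version INTEGER
    n, i = ber_len(payload, i + 1)                       # name OCTET STRING (bind DN)
    dn, i = payload[i:i + n].decode("utf-8"), i + n
    pw_len = ber_len(payload, i + 1)[0] if payload[i] == 0x80 else 0   # simple auth [0]
    return {"kind": "ldap-bind-cleartext", "bind_dn": dn, "password_bytes": pw_len}
```

Running classify(tcp_payload(dump_to_bytes(...))) on the first dump reports a cleartext BindRequest with its DN and a 13-byte simple password; on the second it reports a TLS application-data record (type 23).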

