Securing LDAP clients with SSL/TLS on RHEL5
Updated -
Securing LDAP clients on RHEL5, where both the openldap-2.3.43-28.el5_10 library and the openldap-clients-2.3.43-28.el5_10 tools use OpenSSL for SSL/TLS.
This article is part of the Securing Applications Collection
Configuration File
/etc/openldap/ldap.conf
Short form (the four directives that matter; the cipher directive in ldap.conf is TLS_CIPHER_SUITE, not TLS_CIPHERS or the slapd.conf spelling TLSCipherSuite, which libldap ignores):
URI ldaps://rhel5-32.example.com/
TLS_CACERT /etc/openldap/rhel5-32.example.com.ca.pem
TLS_REQCERT demand
TLS_CIPHER_SUITE kDH:AES
Protocols
There is no control over the protocol version in this OpenLDAP release: ldap.conf has no TLS_PROTOCOL_MIN directive, so the client uses whichever of SSLv3 or TLSv1.0 the server negotiates.
Ciphers
TLS_CIPHER_SUITE kDH:AES
Restricts the client to the strongest suites available, i.e. those whose bulk cipher is AES. The value is OpenSSL cipher-list syntax: kDH selects suites keyed by static DH certificates, which servers do not deploy in practice, so the string effectively reduces to every AES suite, and that includes the anonymous ADH-AES suites, in which the server presents no certificate at all. Check what the string expands to on the client with openssl ciphers -v 'kDH:AES', and append !aNULL if the anonymous suites appear in the list.
Certificate Handling
The OpenLDAP client verifies the server certificate against the CA certificate it is given. With TLS_REQCERT demand, a server that presents no certificate, or one that cannot be verified against that CA, is rejected and the session is closed immediately.
Certificate Authority
TLS_CACERT /etc/openldap/rhel5-32.example.com.ca.pem
PEM file holding the CA certificate that issued the certificate presented by the server (the root of its chain). It must be readable by every user that runs LDAP clients, because with TLS_REQCERT demand an unreadable CA file makes every ldaps:// connection fail.
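The following script is an added example and is not part of the original article or of the OpenLDAP project: a small lint for an OpenLDAP client ldap.conf that checks the four settings described above (an ldaps:// URI, TLS_REQCERT demand, a readable PEM file in TLS_CACERT, and the cipher string, which it expands with the local openssl when one is installed and scans for anonymous, export-grade or otherwise weak suites). The function names ldap_conf_get and check_ldap_conf, the script name ldapconf-lint.sh and the WEAK_SUITES pattern are this example's own choices; the directive names are those of ldap.conf(5).

```shell
#!/bin/sh
# Added example, not from the original article: lint an OpenLDAP client
# ldap.conf for the settings the article describes. Exit status 0 means
# every check passed; 1 means at least one FAIL line was printed.

# Print the value of one directive (keywords are case-insensitive in
# ldap.conf), ignoring comment lines. Prints nothing if it is absent.
ldap_conf_get() {
    awk -v key="$2" 'BEGIN { key = toupper(key) }
        /^[ \t]*#/ { next }
        toupper($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Suites that must not appear in the expansion: anonymous DH/ECDH (no server
# authentication), NULL encryption, RC4, export grade, MD5 MACs, single DES.
WEAK_SUITES='ADH|AECDH|NULL|RC4|EXP|MD5|DES-CBC-SHA'

check_ldap_conf() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # 1. Every URI should be ldaps://. A plain ldap:// URI is cleartext
    #    unless every command also asks for STARTTLS (-Z/-ZZ).
    uris=$(ldap_conf_get "$conf" URI)
    [ -n "$uris" ] || { echo "FAIL: no URI directive"; rc=1; }
    for u in $uris; do
        case "$u" in
            ldaps://*) echo "ok:   $u" ;;
            *)         echo "FAIL: $u is not an ldaps:// URI"; rc=1 ;;
        esac
    done

    # 2. TLS_REQCERT must be demand (hard is a synonym); never, allow and
    #    try all let an unverifiable server certificate through.
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "$reqcert" in
        demand|hard) echo "ok:   TLS_REQCERT $reqcert" ;;
        "")          echo "WARN: TLS_REQCERT not set; set it to demand explicitly" ;;
        *)           echo "FAIL: TLS_REQCERT $reqcert accepts unverified servers"; rc=1 ;;
    esac

    # 3. TLS_CACERT must point at a readable PEM certificate file.
    ca=$(ldap_conf_get "$conf" TLS_CACERT)
    if [ -z "$ca" ]; then
        echo "FAIL: TLS_CACERT not set; the server certificate cannot be verified"; rc=1
    elif [ ! -r "$ca" ]; then
        echo "FAIL: TLS_CACERT $ca is not readable"; rc=1
    elif ! grep -q 'BEGIN CERTIFICATE' "$ca"; then
        echo "FAIL: TLS_CACERT $ca does not look like a PEM certificate"; rc=1
    else
        echo "ok:   TLS_CACERT $ca"
    fi

    # 4. The cipher directive in ldap.conf is TLS_CIPHER_SUITE. TLS_CIPHERS
    #    and the slapd.conf spelling TLSCipherSuite are silently ignored.
    for bad in TLS_CIPHERS TLSCipherSuite; do
        [ -z "$(ldap_conf_get "$conf" "$bad")" ] ||
            { echo "FAIL: $bad is not an ldap.conf directive; use TLS_CIPHER_SUITE"; rc=1; }
    done
    suite=$(ldap_conf_get "$conf" TLS_CIPHER_SUITE)
    if [ -z "$suite" ]; then
        echo "WARN: TLS_CIPHER_SUITE not set; the OpenSSL default list applies"
    elif command -v openssl >/dev/null 2>&1; then
        # Expand the string exactly as OpenSSL will and look for weak suites.
        if expanded=$(openssl ciphers -v "$suite" 2>/dev/null); then
            weak=$(printf '%s\n' "$expanded" | grep -E "$WEAK_SUITES" || true)
            if [ -n "$weak" ]; then
                echo "FAIL: TLS_CIPHER_SUITE $suite enables weak suites:"
                printf '%s\n' "$weak" | awk '{ print "      " $1 }'
                rc=1
            else
                n=$(printf '%s\n' "$expanded" | wc -l | tr -d ' ')
                echo "ok:   TLS_CIPHER_SUITE $suite ($n suites)"
            fi
        else
            echo "FAIL: openssl rejects TLS_CIPHER_SUITE $suite"; rc=1
        fi
    else
        echo "ok:   TLS_CIPHER_SUITE $suite (openssl not found, not expanded)"
    fi
    return $rc
}

# Usage: sh ldapconf-lint.sh /etc/openldap/ldap.conf
[ $# -eq 0 ] || check_ldap_conf "$1"
```

Run it against the client's ldap.conf before relying on it; on a client with the article's kDH:AES string and an openssl that lists the ADH-AES suites, the cipher check reports them, and AES:!aNULL:!eNULL passes. The lint only reads the file, so finish with an end-to-end check against the real server: ldapsearch -x -H ldaps://rhel5-32.example.com/ -b '' -s base '(objectclass=*)' must succeed, and openssl s_client -connect rhel5-32.example.com:636 -CAfile /etc/openldap/rhel5-32.example.com.ca.pem shows the protocol and cipher actually negotiated.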