Tru64 LDAP authentication over SSL

From: Graham Allan (allan_at_physics.umn.edu)
Date: 06/04/04

  • Next message: rubini_at_breughel.ufsia.ac.be: "Let the banks compete for your Mortgage or Loan" 
    Date: Fri, 04 Jun 2004 14:16:43 -0500
To: tru64-unix-managers@ornl.gov

    This is more of a summary than a question, although there was no
    question preceding it. But it looks as if others had asked the question
    in the past, and I saw no replies...

    We've been converting our Tru64 systems to use the LDAP authentication
    module provided with 5.1B. Many people seem to have lamented the fact
    that it couldn't connect to the LDAP server using an SSL connection. On
    looking at it more closely, though, the ldapcd binary is linked against
    libssldap50.so, and contains many strings concerning ssl. So there was
    a hint that it might be possible.

    HP support, when asked, said "I've never heard of anyone asking for
    that", and we heard no more...

    Well, it does work, although I can't claim credit for making it do so
    (my assistant Andy did all the work on this).

    /etc/ldapcd.conf needs the port number changed, and an undocumented
    option added:

    port: 636
    usessl: 1

    ldapcd also needs the ssl certificate of the ldap server in a
    netscape-format certificate database, held in the directory
    /etc/cert7.db (so the actual file is /etc/cert7.db/cert7.db)

    Some actual documentation on this would be nice, but I'm now sure how
    to get the message back to HP on this, since our support call was
    fairly fruitless!

    G. 

    -- 
-------------------------------------------------------------------------
Graham Allan - I.T. Manager - gta@umn.edu - (612) 624-5040
School of Physics and Astronomy - University of Minnesota
-------------------------------------------------------------------------
  • Next message: rubini_at_breughel.ufsia.ac.be: "Let the banks compete for your Mortgage or Loan"

    Relevant Pages

    • RE: SoapException - NullReferenceException
      ... As for webservice over SSL, there does exists some common issue such as the ... client certificate supplyment(if you've configured it to require client ... Microsoft MSDN Online Support Lead ... I have a web service running on an SSL connection and unfortunately I ...
      (microsoft.public.dotnet.framework.aspnet.webservices)
    • RE: OWA SSL Redirect Problem
      ... please disable the SSL authentication on the ... Microsoft Online Partner Support ... Business-Critical Phone Support (BCPS) provides you with technical phone ... If you are outside the United States, ...
      (microsoft.public.exchange2000.admin)
    • Re: Root Certificate
      ... their support about the same time as we did ours, ... most of these SSL issues are reproducable in Windows ... WinIE 6 and get a similar error when the cert only supports "domain.com". ...
      (microsoft.public.mac.office.entourage)
    • Re: Python does not play well with others
      ... for SSL in the socket module offers a coherent experience because it ... means that urllib and related modules can offer to support SSL-related ... because the built-in socket module SSL interface ... people started asking him mistakenly why he thought that Python was ...
      (comp.lang.python)
    • Help with LDAP Module for System Auth
      ... Our ldap server is openldap on linux. ... Authenticating to it from linux clients with TLS works fine. ... I discovered that doing so with tru64 is not possible with tls, so I've configured SSL and ldap_enable, ldap_check show positive results with ssl connectivity. ...
      (Tru64-UNIX-Managers)