Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Setting Up LDAP/SSL Server Authentication

The standard Solaris OE LDAP command-line interface (CLI) tools do not allow access to the LDAP server through SSL. A modified version of the CLI tools come with Sun ONE Directory Server software and are located in $LDAPHOME/shared/bin (in this example, where LDAPHOME is /opt/iplanet/server5).

To Set Up LDAP/SSL Server Authentication

  1. Check to see whether you can access the LDAP server in the usual way:

    bash-2.03# /usr/bin/ldapsearch -h sunshine.init8.net -p 389 
    -b "o=init8.net" "cn=*" 
    
    cn=Directory Administrators, o=init8.net
    objectClass=top
    objectClass=groupofuniquenames
    cn=Directory Administrators

    Before trying the version in $LDAPHOME/shared/bin, make sure that the libraries under $LDAPHOME/shared/lib are added to LD_LIBRARY_PATH (for example, through export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/iplanet/server5/lib).

  2. Try the version in $LDAPHOME/shared/bin without encryption:

    bash-2.03# /opt/iplanet/server5/shared/bin/ldapsearch 
    -h sunshine.init8.net -p 389 -b "o=init8.net" "cn=*"
    
    version: 1
    dn: cn=Directory Administrators, o=init8.net
    objectClass: top
    objectClass: groupofuniquenames
    cn: Directory Administrators
  3. To use SSL, you have to call ldapsearch with the -Z option. You can also use the following options:

    -p: SSL port 
    -K: Private key file
    -P: Certificate database's file and pathname 
    -N: Certificate name
    -W: Password of the private key file

    A typical command looks like:

    bash-2.03# /opt/iplanet/server5/shared/bin/ldapsearch
     -h sunshine.init8.net -p 636 -Z -P /.netscape/cert7.db
     -b "o=init8.net" "cn=*"

    NOTE

    This typical command does not perform client authentication.

  • + Share This
  • 🔖 Save To Your Account