Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:13] – [Testing an ldapsearch] niccolo
+++ doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:31] (current) – [Enable SSL] niccolo
@@ Line 42: / Line 42: @@
 Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend).
+===== Enable SSL =====
+Create a self signed certificate or get it from some provider, like **[[https://letsencrypt.org/|Let's Encrypt]]**. Copy the files into **/etc/ldap/ssl/** and give them permissions for the //openldap// user.
+Create the following file **config-ssl.ldif**:
+<file>
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
+-
+replace: olcTLSCACertificatePath
+olcTLSCACertificatePath: /etc/ssl/cert
+</file>
+and load it into the slapd 2.5 configuration:
+<code>
+ldapmodify -Y EXTERNAL -H ldapi:/// -f config-ssl.ldif
+</code>
+Enable ldaps into **/etc/default/slapd**:
+<file>
+SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
+</file>
+Restart the slapd service.
 ===== Adding a second (new) database =====