Saturday, July 20, 2013

Configuring SSL in LDAP server

Operating system used: CentOS 6.3

Install OpenLDAP by running the command below.

# yum install openldap-*

Copy the slapd.conf template to its required location, /etc/openldap:
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
Copy DB_CONFIG to its required location:
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Change the ownership by running the command below:
# chown ldap.ldap /var/lib/ldap/DB_CONFIG

Open the main LDAP configuration file and set up the domain suffix and the Manager password.
# vim /etc/openldap/slapd.conf
database        bdb
suffix          "dc=fireblade,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=fireblade,dc=com"
rootpw          redhat

Save the configuration file and restart slapd. LDAP now starts in normal (non-SSL) mode on port 389.

# /etc/init.d/slapd restart
OpenLDAP with SSL

Open the configuration file and add the following TLS directives.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile /etc/openldap/certs/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem

Go to /etc/openldap/certs and create the self-signed certificate and private key:

# cd /etc/openldap/certs
# openssl req -new -x509 -nodes -out /etc/openldap/certs/slapdcert.pem -keyout /etc/openldap/certs/slapdkey.pem -days 365


Fill in the required details when prompted during certificate creation:
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Kerala
Locality Name (eg, city) [Default City]:Cochin
Organization Name (eg, company) [Default Company Ltd]:FIREBLADE
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:fireblade
Email Address []:admin@fireblade.com

Start LDAPS by restarting slapd with the command below:

# /etc/init.d/slapd restart


Confirm that LDAP is listening in SSL mode on port 636 by running the command below.

# netstat -ntlp | grep 636
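Before exposing the server, it is worth auditing the resulting slapd.conf for the points this walkthrough touches: the TLS directives being present, the rootpw being a slappasswd hash rather than cleartext, and the private key not being readable by other users. The script below is an added example, not part of the original post; the embedded configuration text is constructed from the directives shown above, and the function names are mine.

```python
import os
import re
import stat
# Constructed sample mirroring the directives the post puts in slapd.conf.
SAMPLE_SLAPD_CONF = """\
database        bdb
suffix          "dc=fireblade,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=fireblade,dc=com"
rootpw          redhat
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile /etc/openldap/certs/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem
"""
# Scheme prefixes slappasswd produces; a rootpw without one is cleartext.
HASHED_PW = re.compile(r"^\{(SSHA|SHA|CRYPT|MD5|SMD5)\}", re.IGNORECASE)

def parse_slapd_conf(text):
    """Map lower-cased directive -> value; '#' comments are skipped and a line
    starting with whitespace continues the previous directive (slapd syntax)."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:  # continuation line
            conf[last] = (conf[last] + " " + raw.strip()).strip()
            continue
        parts = raw.strip().split(None, 1)
        last = parts[0].lower()
        conf[last] = parts[1].strip() if len(parts) > 1 else ""
    return conf  # repeated directives keep the last value (single-database file)

def audit_slapd_conf(text):
    """Findings to fix before exposing slapd on 636: missing TLS directives,
    a cleartext rootpw, or a private key readable by group/other."""
    conf, findings = parse_slapd_conf(text), []
    for d in ("tlscertificatefile", "tlscertificatekeyfile"):
        if d not in conf:
            findings.append("missing %s: slapd cannot serve LDAPS" % d)
    if "tlscacertificatefile" not in conf and "tlscacertificatepath" not in conf:
        findings.append("no CA certificate configured for TLS")
    pw = conf.get("rootpw", "")
    if pw and not HASHED_PW.match(pw):
        findings.append("rootpw is cleartext; store a slappasswd hash instead")
    key = conf.get("tlscertificatekeyfile", "")
    if key and os.path.exists(key):  # only meaningful on the LDAP host itself
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o077:
            findings.append("%s readable by group/other (mode %o)" % (key, mode))
    return findings
```

Run it against the real file with `audit_slapd_conf(open("/etc/openldap/slapd.conf").read())` on the LDAP host so the key-permission check can see the file.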
