Directory Server EE 6.0 TLS setup

807573 Jun 4 2007 — edited Jun 4 2007
Hello:

I don't know if this has been answered before; I could not find it if it was. I am a complete newbie to LDAP. I am looking for some rather complete, rather verbose instructions to get the DS 6 and client communicating using TLS. A little more on my system setup is below:

I have installed DS 6 on Red Hat Enterprise Linux (kernel 2.6.9-34...I think). The server is using port 589 for non-secure communication and port 836 for secure communication (OpenLDAP which was installed with the OS is using the default LDAP ports). I have the following data loaded in the directory (this is just dummy data, I just needed to create something to seed the directory):
dn: dc=bns-example, dc=com
dc: bns-example
description: Organization Root
objectClass: dcObject
objectClass: top
objectClass: organization
o: BNS

dn: ou=Staff, dc=bns-example, dc=com
ou: Staff
description: These are privileged users that can interact with Organization products
objectClass: top
objectClass: organizationalUnit

dn: ou=Accounts, dc=bns-example, dc=com
ou: Accounts
objectClass: top
objectClass: organizationalUnit

dn: ou=AcctInfo, dc=bns-example, dc=com
ou: AcctInfo
objectClass: top
objectClass: organizationalUnit

dn: uid=admin, ou=Staff, dc=bns-example, dc=com
uid: admin
cn: LDAP Administrator
sn: admin
userPassword: testpw1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

dn: uid=jfisher,ou=Accounts,dc=bns-example,dc=com
objectClass: top
objectClass: account
uid: jfisher
host: 192.168.11.104
ou: PreferredUser
seeAlso: cn=Jason Fisher,ou=AcctInfo,dc=bns-example,dc=com

dn: uid=asachs,ou=Accounts,dc=bns-example,dc=com
objectClass: top
objectClass: account
uid: asachs
host: 10.20.200.1
ou: BasicUser
seeAlso: cn=Andy Sachs,ou=AcctInfo,dc=bns-example,dc=com

dn: uid=tberg,ou=Accounts,dc=bns-example,dc=com
objectClass: top
objectClass: account
uid: tberg
host: 192.129.40.1
ou: BasicUser
seeAlso: cn=Tim Berg,ou=AcctInfo,dc=bns-example,dc=com

dn: cn=Jason Fisher,ou=AcctInfo,dc=bns-example,dc=com
objectClass: top
objectClass: person
cn: Jason Fisher
sn: Fisher
telephoneNumber: 508-555-1234

dn: cn=Andy Sachs,ou=AcctInfo,dc=bns-example,dc=com
objectClass: top
objectClass: person
cn: Andy Sachs
sn: Sachs
telephoneNumber: (978) 212-0123

dn: cn=Tim Berg,ou=AcctInfo,dc=bns-example,dc=com
objectClass: top
objectClass: person
cn: Tim Berg
sn: Berg
telephoneNumber: 212.848.2098

I can access the directory using ldapsearch (the OpenLDAP tool) on port 589 using -x (simple authentication). Now I want to access the data using secure communication. I have tried adding a self-signed certificate in the server (this is completely a test system, so there will be no certificates from a trusted CA, just self-signed), then editing /etc/openldap/ldap.conf so that TLS_CACERTDIR is set to the alias dir of the DS6 instance I created. Still no luck when trying to run ldapsearch using TLS.

I can't seem to find any good tutorial or setup instructions just to get a simple setup using TLS going. Can somebody please help here with some clear and verbose instructions, since I am very new to LDAP and am still trying to understand how it all works and the terminology.

Thanks,
Jason
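Added diagnostic for the setup described above; this is not the poster's code nor part of DS6 or OpenLDAP. It assumes that DS6 keeps its certificates in an NSS database (slapd-cert8.db / slapd-key3.db under the instance's alias dir) while the OpenLDAP client on RHEL is built on OpenSSL and reads only PEM files from TLS_CACERT / TLS_CACERTDIR, which would explain why pointing TLS_CACERTDIR at the alias dir fails; instance path, certificate nickname, host name and output paths are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: the DS6 alias dir
# is an NSS database, and the OpenSSL-based OpenLDAP client needs a PEM
# copy of the server's self-signed cert. All paths/names are placeholders.

# Report what a TLS_CACERTDIR really holds:
#   nss      NSS cert/key database: an OpenSSL-based ldapsearch cannot read it
#   pem      hashed PEM files/links (<8 hex>.<n>) as OpenSSL expects
#   unhashed PEM files present but no hash links (run c_rehash on the dir)
#   empty    nothing usable
#   missing  directory does not exist
classify_cacertdir() {
    dir=$1
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    for f in "$dir"/*cert8.db "$dir"/*key3.db; do
        if [ -e "$f" ]; then echo nss; return 0; fi
    done
    if ls "$dir" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then echo pem; return 0; fi
    for f in "$dir"/*.pem "$dir"/*.crt; do
        if [ -e "$f" ]; then echo unhashed; return 0; fi
    done
    echo empty
}

# On the DS6 host: export the self-signed server cert from the NSS database
# as PEM so the OpenSSL client can trust it (certutil is the NSS tool;
# -P gives the assumed DS6 file prefix, -a requests ASCII/PEM output).
export_server_cert() {
    instance=$1; nickname=$2; out=$3
    certutil -L -d "$instance/alias" -P slapd- -n "$nickname" -a > "$out"
}

# Client side: point TLS_CACERT at that PEM file instead of the alias dir,
# and keep TLS_REQCERT at demand so the server cert is actually verified.
# The cert's CN must match the host name used in the URI.
client_ldap_conf() {
    cat <<EOF
URI ldaps://$1:$2
BASE $3
TLS_CACERT $4
TLS_REQCERT demand
EOF
}

# After writing the output into /etc/openldap/ldap.conf, test with:
#   ldapsearch -x -b dc=bns-example,dc=com '(uid=admin)'            # ldaps, port 836
#   ldapsearch -x -ZZ -H ldap://HOST:589 -b dc=bns-example,dc=com   # StartTLS on 589
```

Run classify_cacertdir against the directory currently named in TLS_CACERTDIR first: if it reports nss, the client could never have used it regardless of the certificate itself.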