差異處
這裏顯示兩個版本的差異處。
|
java:ldap:openldap [2016/03/24 22:57] tony [OpenLDAP with SSL/TLS] |
java:ldap:openldap [2023/06/25 09:48] |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | ====== OpenLDAP ====== | + | |
| - | ===== View cn=config ===== | + | |
| - | <code bash> | + | |
| - | ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config | + | |
| - | </code> | + | |
| - | ===== Enable SSL/TLS ===== | + | |
| - | 我參考了[[http://wiki.weithenn.org/cgi-bin/wiki.pl?OpenLDAP-SSL_TLS_%E8%A8%AD%E5%AE%9A|此篇]]教學產生certification file與設定,結果一直無法正常連線。於是透過以下command打開debug mode: | + | |
| - | <code bash> | + | |
| - | /usr/sbin/slapd -d 1 -h "ldap:/// ldapi:/// ldaps:///" -g openldap -u openldap -F /etc/ldap/slapd.d | + | |
| - | </code> | + | |
| - | 出現以下錯誤訊息: | + | |
| - | <code> | + | |
| - | 56f10002 slap_listener_activate(10): | + | |
| - | 56f10002 >>> slap_listener(ldaps://) | + | |
| - | 56f10002 connection_get(19): got connid=1001 | + | |
| - | 56f10002 connection_read(19): checking for input on id=1001 | + | |
| - | TLS: can't accept: Could not negotiate a supported cipher suite.. | + | |
| - | 56f10002 connection_read(19): TLS accept failure error=-1 id=1001, closing | + | |
| - | 56f10002 connection_close: conn=1001 sd=19 | + | |
| - | </code> | + | |
| - | 最後試出在Ubuntu 14.04下的slapd,可以參考[[http://mindref.blogspot.tw/2010/12/debian-openldap-ssl-tls-encryption.html|此篇]]教學做法,將certification file設定給匯進去。 | + | |
