On Mon, 2007-04-23 at 21:30 -0700, Gary Casterline wrote:
> Can anyone point me in the right direction on how to specify
> the client SSL cert, key and ca details to allow webmin
> to connect to an openldap server running on localhost?
> The slapd.conf 'requires' cert specification for connection:
> TLSVerifyClient demand
> All I can find are the ldap_tls=1 in /etc/ldap-useradmin/config
> and /etc/ldap-client/config.
>
> We're running webmin 1.34 and openldap 2.3.30-r2 on gentoo linux.
>
> Thanks,
>
> _Gary
Hi Gary,
The LDAP server needs to be configured to allow TLS connections, which
involves entries like those below in slapd.conf:
TLSCertificateFile /etc/ssl/certs/slapdcert.pem
TLSCertificateKeyFile /etc/ssl/certs/slapdkey.pem
TLSCACertificateFile /etc/ssl/certs/ca-cert.pem
Webmin is the client so should just need to be told to use TLS and a
valid userid/password.
Murray
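
A small check for the server-side settings discussed in this thread, as an added example that is not part of either message: it flags TLS directive names slapd.conf(5) does not define and reports whether the TLSVerifyClient level makes slapd require a client certificate. The function name and the sample configuration (including its misspelled directive) are constructed for illustration.

```python
# Added example: lint the TLS directives in slapd.conf text.
# Directive names and TLSVerifyClient levels are those in slapd.conf(5).
KNOWN_TLS = {d.lower(): d for d in (
    "TLSCipherSuite", "TLSCACertificateFile", "TLSCACertificatePath",
    "TLSCertificateFile", "TLSCertificateKeyFile", "TLSDHParamFile",
    "TLSRandFile", "TLSVerifyClient", "TLSCRLCheck", "TLSCRLFile",
    "TLSProtocolMin",
)}
# At these levels slapd drops the session if no valid client cert is sent.
REQUIRES_CLIENT_CERT = {"demand", "hard", "true"}

# Constructed sample; line 4 carries a deliberately wrong directive name.
SAMPLE = """\
# constructed sample, not a real server's configuration
TLSCertificateFile /etc/ssl/certs/slapdcert.pem
TLSCertificateKeyFile /etc/ssl/certs/slapdkey.pem
TLSCACertFile /etc/ssl/certs/ca-cert.pem
TLSVerifyClient demand
"""

def lint_slapd_tls(text):
    """Return (client_cert_required, [(line_number, message), ...])."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw.strip() or raw[0] == "#" or raw[0].isspace():
            continue
        parts = raw.split(None, 1)
        name = parts[0]
        if not name.lower().startswith("tls"):
            continue
        canonical = KNOWN_TLS.get(name.lower())  # keywords are case-insensitive
        if canonical is None:
            findings.append((lineno, f"unknown TLS directive {name!r}"))
            continue
        seen[canonical] = parts[1].strip() if len(parts) > 1 else ""
    for needed in ("TLSCertificateFile", "TLSCertificateKeyFile"):
        if needed not in seen:
            findings.append((0, f"missing {needed}"))
    # slapd's default for TLSVerifyClient is "never".
    required = seen.get("TLSVerifyClient", "never").lower() in REQUIRES_CLIENT_CERT
    if required and not {"TLSCACertificateFile", "TLSCACertificatePath"} & seen.keys():
        findings.append((0, "client certificates demanded but no CA configured to verify them"))
    return required, findings

if __name__ == "__main__":
    print(lint_slapd_tls(SAMPLE))
```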