
Openldap on SSL

1. OpenLDAP can use existing certificates for SSL (see Installing a Certificate); you need to upload three files to the OpenLDAP server.
2. The three files to export from CA Management are the CA certificate, the server certificate, and the certificate key in unencrypted format.
3. Go to YaST -> Security and Users -> CA Management, and enter the root CA.
4. Export the CA certificate to a file in PEM format as shown in Figure 4.

Figure 4

5. Export only the server certificate in PEM format as shown in Figure 5.

Figure 5


6. Export the certificate key file in PEM format by selecting the option “Certificate and Key in Unencrypted format”, as shown in Figure 6.

Figure 6


7. Now go to YaST -> Network Services -> LDAP Server. Go to TLS settings and upload the three exported files as shown in Figure 7.
8. Set the protocols to listen on as ldap and ldaps. Open the firewall ports for both services.
9. I went to Database and created the admin DN with cn=admin and the base DN ou=nitin,dc=com.
10. Your OpenLDAP is ready to listen on SSL.

Figure 7


iFolder configuration

1. Ran simias-server-setup.
2. For the LDAP configuration, gave the following parameters:



Use LDAP? [Y]:

----- LDAP SERVER -----
The host or ip address of an LDAP server.  The server
will be searched for users to provision into Simias
and will be used by Simias for authentication.


LDAP Server? [192.168.0.4]: 127.0.0.1

----- LDAP SECURE -----
Require a secure connection between the LDAP server
and the Simias server


LDAP Secure? [Y]:

----- LDAP ADMIN DN -----
An existing LDAP user, used by this script only, to
connect to the LDAP server and create and/or check
required LDAP users for Simias.


LDAP Admin DN? [cn=admin,o=novell]: cn=admin,ou=nitin,dc=com
LDAP Admin Password? [novell]:

----- SYSTEM ADMIN -----
The Simias default administrator.  If the system is
configured to use an external identity source, the
distinguished name (dn) should be used.


System Admin? [admin]: cn=admin,ou=nitin,dc=com
System Admin Password? [novell]:

----- LDAP PROXY DN -----
An LDAP user that will be used to provision the users
between Simias and the LDAP server.  If this user
does not already exist in the LDAP tree it will be
created and granted read rights at the root of the
tree. The user's dn and password are stored by Simias.


LDAP Proxy DN? [cn=SimiasProxy,o=novell]: cn=Proxy,ou=nitin,dc=com
LDAP Proxy Password? [novell]:

----- LDAP SEARCH CONTEXT -----
A list of LDAP tree contexts (delimited by '#') that
will be searched for users to provision into Simias.


LDAP Search Context? [o=novell]: ou=nitin,dc=com

----- NAMING ATTRIBUTE -----
The LDAP attribute you want all users to login using.
I.E. 'cn' or 'email'.


Naming Attribute? [cn]:


3. Added users in LDAP with the following LDIF file and command:


dn: cn=test11,ou=nitin,dc=com
changetype: add
uid: test11
givenName: test
sn: 11
cn: test11
objectClass: inetOrgPerson
userpassword: secret

dn: cn=test12,ou=nitin,dc=com
changetype: add
uid: test12
givenName: test
sn: 12
cn: test12
objectClass: inetOrgPerson
userpassword: secret


ldapadd -x -D "cn=admin,ou=nitin,dc=com"  -h <ip> -p 389  -Z -w <password> -f file.ldif
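The LDIF above carries "userpassword: secret" in cleartext; the -Z StartTLS option protects it on the wire, but slapd stores the value exactly as given. The following is an added example (not from the page, not part of iFolder or OpenLDAP) that rewrites such an LDIF so each userPassword becomes an OpenLDAP {SSHA} salted hash before it is handed to ldapadd, and checks that each entry's RDN agrees with its cn. It uses the first entry of the page's LDIF as sample input; simple binds against {SSHA} values work unchanged.

```python
import base64
import hashlib
import os

# First entry of the page's own LDIF; "userpassword: secret" is the cleartext
# value that would otherwise be stored as-is in the directory.
SAMPLE_LDIF = """dn: cn=test11,ou=nitin,dc=com
changetype: add
uid: test11
givenName: test
sn: 11
cn: test11
objectClass: inetOrgPerson
userpassword: secret
"""

def ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Recompute the digest with the salt stored after the 20 SHA-1 bytes."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest

def parse_ldif(text):
    """Split simple LDIF (one 'attr: value' per line) into lists of pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = [tuple(p.strip() for p in line.partition(":")[::2])
                 for line in block.splitlines() if line.strip()]
        entries.append(pairs)
    return entries

def harden_ldif(text):
    """Replace cleartext userPassword values with {SSHA}; check RDN against cn."""
    out, problems = [], []
    for pairs in parse_ldif(text):
        attrs = {a.lower(): v for a, v in pairs}
        rdn = attrs["dn"].split(",", 1)[0].lower()
        if rdn != "cn=" + attrs.get("cn", "").lower():
            problems.append("%s: RDN does not match cn" % attrs["dn"])
        for attr, value in pairs:
            if attr.lower() == "userpassword" and not value.startswith("{"):
                attr, value = "userPassword", ssha(value)
            out.append("%s: %s" % (attr, value))
        out.append("")
    return "\n".join(out), problems
```

Write the returned LDIF to file.ldif and load it with the ldapadd command above; values that already start with a scheme such as {SSHA} are left untouched, so the script can be run repeatedly.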
