#title Open LDAP with SSL on Debian
#author Stefan Hornburg (Racke)
#topics blog; OpenLDAP; OpenSSL
#date 2009-11-06
#pubdate 2009-11-06T11:40:27+01:00
#lang en

First of all create a self-signed certificate by following the instructions at [[http://www.eclectica.ca/howto/ssl-cert-howto.php][http://www.eclectica.ca/howto/ssl-cert-howto.php]].

I copied the private key and the certificates to /etc/ldap. Please make sure that the private key is only readable by root.

Next add the following lines to /etc/ldap/slapd.conf:

<example>
TLSCaCertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/cert.pem
TLSCertificateKeyFile /etc/ldap/cert.key
</example>

Finally make sure that the LDAP server is listening at the ldaps port (636) by editing /etc/default/slapd and restarting the LDAP server.

<example>
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
</example>
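
The checks described above, as an added shell example that is not part of the original post: it verifies that the three TLS directives are set in slapd.conf and point to readable files, that the private key is owned by root with no group or other access, and that SLAPD_SERVICES includes an ldaps listener. The function names are hypothetical, and it assumes GNU stat as shipped with Debian.

```shell
#!/bin/sh
# Added example (not from the original post): audit the slapd TLS setup.
# Function names are hypothetical; uses GNU stat as shipped with Debian.

# Print the value of a slapd.conf directive. The keyword is matched
# case-insensitively so the post's "TLSCaCertificateFile" spelling is found.
directive() {  # directive NAME CONF
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Succeed only if FILE is owned by UID (default 0) with no group/other bits.
key_is_private() {  # key_is_private FILE [UID]
    [ -f "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "${2:-0}" ] || return 1
    [ $(( 0$(stat -c '%a' "$1") & 077 )) -eq 0 ]
}

# Succeed if SLAPD_SERVICES in the defaults file includes an ldaps listener.
listens_ldaps() {  # listens_ldaps DEFAULTS
    grep -E '^[[:space:]]*SLAPD_SERVICES=' "$1" | grep -q 'ldaps://'
}

# Run all checks, print one line per finding, return the number of failures.
audit_slapd_tls() {  # audit_slapd_tls [CONF] [DEFAULTS] [UID]
    conf=${1:-/etc/ldap/slapd.conf} defaults=${2:-/etc/default/slapd} fails=0
    for name in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        path=$(directive "$name" "$conf")
        if [ -z "$path" ]; then
            echo "FAIL $name is not set in $conf"; fails=$((fails + 1))
        elif [ ! -r "$path" ]; then
            echo "FAIL $name points to unreadable file $path"; fails=$((fails + 1))
        else
            echo "ok   $name $path"
        fi
    done
    key=$(directive TLSCertificateKeyFile "$conf")
    if [ -n "$key" ] && ! key_is_private "$key" "${3:-0}"; then
        echo "FAIL $key must be owned by uid ${3:-0} with no group/other access"
        fails=$((fails + 1))
    fi
    if listens_ldaps "$defaults"; then
        echo "ok   ldaps listener configured in $defaults"
    else
        echo "FAIL no ldaps listener in SLAPD_SERVICES ($defaults)"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

Source the file and call audit_slapd_tls as root; with no arguments it uses the paths from this post, and its exit status is the number of failed checks.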