Saturday Aug 08, 2015

OpenLDAP + TLS in Solaris 11

This blog post serves as a followup to Configuring a Basic LDAP Server + Client in Solaris 11. It covers creating self-signed certificates and enabling TLS for secure communication.

1) Create certificates
# mkdir /etc/openldap/certs
# cd /etc/openldap/certs
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
  -keyout server.key -out server.crt
# chmod 400 server.*
# chown openldap:openldap server.*
2) Update slapd.conf
Add the following lines to the end of /etc/openldap/slapd.conf:

TLSCACertificateFile /etc/certs/ca-certificates.crt
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
3) Restart LDAP server
# svcadm disable ldap/server
# svcadm enable ldap/server
That's it! Connect to your LDAP server on port 389; on that port, clients upgrade the connection to TLS with StartTLS.
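
Before the restart in step 3, it is worth confirming that the files named in slapd.conf exist, that the private key has no group or other permissions, and that the certificate belongs to the key. The script below is an added example, not part of the original post; its function names are made up for illustration, and it assumes an RSA key as generated in step 1.

```shell
#!/bin/sh
# Added example: pre-restart check of the slapd TLS settings from steps 1-2.
# Function names are illustrative; assumes an RSA key, as generated in step 1.

# Print the value of a slapd.conf directive (the last occurrence is reported).
tls_directive() {    # $1 = slapd.conf path, $2 = directive name
    awk '$1 == d { v = $2 } END { if (v != "") print v }' d="$2" "$1"
}

# Succeed only if the path is a regular file with no group/other permissions.
key_is_private() {   # $1 = private key path
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -r??------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeed only if the certificate and the RSA key share the same modulus.
cert_matches_key() { # $1 = certificate path, $2 = key path
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all checks against the files that slapd.conf points at.
check_slapd_tls() {  # $1 = slapd.conf path
    cert=$(tls_directive "$1" TLSCertificateFile)
    key=$(tls_directive "$1" TLSCertificateKeyFile)
    [ -n "$cert" ] && [ -n "$key" ] ||
        { echo "TLS directives missing from $1" >&2; return 1; }
    [ -r "$cert" ] && [ -r "$key" ] ||
        { echo "certificate or key not readable" >&2; return 1; }
    key_is_private "$key" ||
        { echo "$key is accessible to group or other" >&2; return 1; }
    cert_matches_key "$cert" "$key" ||
        { echo "certificate does not match key" >&2; return 1; }
    echo "TLS files OK: $cert / $key"
}

# Stand-alone use: sh check_slapd_tls.sh /etc/openldap/slapd.conf
if [ $# -gt 0 ]; then
    check_slapd_tls "$1"
fi
```

Run it as root, since the key is mode 400 and owned by openldap.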

Tuesday Sep 29, 2009

Compiling Alpine on OpenSolaris 2009.06

For Alpine 2.00, the configure file looks around in the wrong directories for the OpenSSL header files.
...
    *-*-solaris*)
      if test -d /usr/sfw/include/openssl ; then
        alpine_SSLDIR="/usr/sfw"
      elif test -d /opt/csw/include/openssl ; then
        alpine_SSLDIR="/opt/csw"
        if test -d /opt/csw/ssl/certs ; then
          alpine_SSLCERTS="/opt/csw/ssl/certs"
        fi
      fi
...
Unfortunately, configure never looks for the new location: /usr/include/openssl. Thankfully, there is an easy fix:
./configure --with-ssl-include-dir=/usr/include/openssl
About

Hiya, my name is Paul Johnson and I'm a software engineer working on the Oracle ZFS Storage Appliance.
