LDAP over SSL/TLS



  • SSL and TLS are based mainly on two protocols:
    - Handshake Protocol: negotiates connection parameters, authenticates the server/client, establishes the server/client session.
    - Record Protocol: provides encryprted secure connection and integrity for data during the server/client session.

  • OpenLDAP server with SSL support:
    - Generate a server private key and a certificate.
    - Specify their location in slapd.conf 
    TLSCertificateFile /etc/ldap/ldap.example.crt
TLSCertificateKeyFile /etc/ldap/ldap.example.key
TLSCipherSuite HIGH:+MEDIUM:!LOW

  • /etc/ldap.conf for a client with SSL support: 
    port 636 
ssl on
  • /etc/ldap.conf for a client with TLS support: 
    ssl start_tls

    Reference: SSL/TLS explanation
    Previous Pageprevious First Pagetop Next Pagenext