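# Create a self-signed certificate for slapd. Run as root.
cd /etc/openldap/ssl

# 2048 bits is the practical minimum for RSA; 1024-bit keys are no longer
# considered safe against factoring and are rejected by current TLS clients.
openssl genrsa -out ldap.test.com.key 2048

# Keep the private key unreadable by other users. slapd must still be able to
# read it: if slapd runs as an unprivileged account, chown the key to that
# account (placeholder: <slapd-user>) instead of widening the mode.
chmod 600 ldap.test.com.key

# Interactive: the Common Name entered here must be the host name clients use
# to reach the server (ldap.test.com), otherwise certificate checks fail.
openssl req -new -key ldap.test.com.key -out ldap.test.com.csr

# Self-sign with SHA-256; older openssl builds default to a weaker digest.
# A self-signed certificate cannot be revoked, and 7200 days is close to
# 20 years, so plan to replace key and certificate well before expiry.
# Clients should be given ldap.test.com.crt as their trusted CA (TLS_CACERT in
# ldap.conf) rather than having certificate verification switched off.
openssl x509 -req -sha256 -days 7200 -in ldap.test.com.csr -signkey ldap.test.com.key -out ldap.test.com.crt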

# Open the slapd configuration and add the three TLS* directives listed below.
vi /etc/openldap/slapd.conf

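# Offer only OpenSSL's HIGH cipher class. LOW covers 56/64-bit ciphers and
# MEDIUM (in older OpenSSL builds) includes RC4, so a client could negotiate
# a session that is easy to break. !aNULL drops suites without server
# authentication; the doubled colon in the original list was a typo.
# Re-add an individual suite only if a legacy client cannot connect.
TLSCipherSuite HIGH:!aNULL:!MD5
TLSCertificateFile /etc/openldap/ssl/ldap.test.com.crt
# The key file must be readable by the slapd account and by no other user.
TLSCertificateKeyFile /etc/openldap/ssl/ldap.test.com.key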


# Restart slapd so it re-reads slapd.conf and loads the certificate and key.
# If the restart fails, check that the key is readable by the account slapd runs as.
/etc/init.d/ldap restart

# Look up the well-known LDAP port numbers. /etc/services only maps names to
# ports; it does not show whether slapd is actually listening on them.
grep ldap /etc/services
ldap            389/tcp
ldap            389/udp
ldaps           636/tcp                         # LDAP over SSL
ldaps           636/udp                         # LDAP over SSL

檢查 389 (ldap) 與 636 (ldaps) 兩個 port 是否都在 LISTEN
# List listening sockets numerically; expect both 389 (ldap) and 636 (ldaps).
# 0.0.0.0:389 still accepts cleartext LDAP on every interface: binds sent there
# are protected only if the client uses StartTLS, so restrict that port with a
# firewall or make the server require TLS before accepting binds.
netstat -an | grep LISTEN
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:636                 0.0.0.0:*                   LISTEN
