cd /etc/openldap/ssl
openssl genrsa -out ldap.test.com.key 1024
openssl req -new -key ldap.test.com.key -out ldap.test.com.csr
openssl x509 -req -days 7200 -in ldap.test.com.csr -signkey ldap.test.com.key -out ldap.test.com.crt

vi /etc/openldap/slapd.conf

TLSCipherSuite HIGH::MEDIUM:LOW
TLSCertificateFile /etc/openldap/ssl/ldap.test.com.crt
TLSCertificateKeyFile /etc/openldap/ssl/ldap.test.com.key

/etc/init.d/ldap restart

cat /etc/services grep ldap
ldap            389/tcp
ldap            389/udp
ldaps           636/tcp                         # LDAP over SSL
ldaps           636/udp                         # LDAP over SSL

檢查一下有沒有LISTEN兩個port
netstat -na grep LISTEN
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:636                 0.0.0.0:*                   LISTEN

文章標籤
全站熱搜
創作者介紹
創作者 helloworld 的頭像
helloworld

Hello World

helloworld 發表在 痞客邦 留言(0) 人氣(395)