LDAP Development Setup

To enable full debug logging on slapd, add to slapd.conf (note that `loglevel -1` turns on every log category, including packet/BER dumps, so bind DNs and simple-bind passwords can end up in the log file — use it only on a development server and protect or truncate the log afterwards):

loglevel -1

in syslog.conf:

local4.* /var/log/slap.log

To create a self-signed certificate I wrote the following makefile (recipe lines must be indented with a tab):

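# Self-signed certificate for slapd TLS testing. Produces host.key (private,
# unencrypted, mode 0600), host.csr and host.cert (valid 365 days).
# The certificate's CN/SAN must match the host name or address that clients
# put in the LDAP URI, otherwise a client that verifies the server
# (TLS_REQCERT demand) will reject it.
.SUFFIXES : .cert .csr .key

TARGET = host

all : ${TARGET}.cert

# Generate the key unencrypted straight away: the original encrypted it with
# -des3 and then immediately stripped the passphrase again, which gained
# nothing. 1024-bit RSA is below current minimums; use 2048 and keep the
# file readable only by its owner.
${TARGET}.key :
	umask 077; openssl genrsa -out $@ 2048
	chmod 600 $@

.key.csr :
	openssl req -new -key $< -out $@

# -sha256 avoids a SHA-1 signature on older OpenSSL defaults.
.csr.cert :
	openssl x509 -req -days 365 -sha256 -in $< -signkey $*.key -out $@

# Note: this also deletes the private key.
clean :
	rm -rf *.cert *.csr *.key *~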

Added to slapd.conf. I was not able to get self-signed certificates to work yet. (The commented-out TLSCACertificateFile line points at host.csr, which is a certificate signing request rather than a certificate; for a self-signed certificate the CA file should be host.cert itself, and the certificate's subject/SAN must match the host name or address that clients use in the URI.)

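# For a self-signed certificate the CA file is the certificate itself. The
# original pointed this at host.csr, which is a signing request and not a
# certificate, which is likely why verification never worked.
TLSCACertificateFile /etc/openldap/certs/host.cert
TLSCertificateFile /etc/openldap/certs/host.cert
TLSCertificateKeyFile /etc/openldap/certs/host.key
# Controls whether slapd asks *clients* for certificates; it has no effect on
# whether clients verify the server. "never" is fine for password binds.
TLSVerifyClient never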

added to ~/.ldaprc

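# Verify the server certificate against the self-signed cert (it is its own
# CA). "never" disables verification entirely, so StartTLS then protects
# nothing against an active attacker: the bind password goes to whatever
# answers on port 389. Copy host.cert to the client if it is a different
# machine and adjust the path.
TLS_CACERT /etc/openldap/certs/host.cert
TLS_REQCERT demand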

Sample C++ code to test the StartTLS connection and the simple bind; it does not run a query.

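int result;
LDAP *ldap = NULL;
int version = LDAP_VERSION3;
/* ldap_initialize() takes a URI; the port comes from the URI (389 by default),
 * so no separate port variable is needed. NOTE(review): the original literal
 * was "ldap://10=192.168.1.9/base??", which is not a valid host; the address
 * below matches the ldapsearch example on this page. */
const char *host = "ldap://192.168.1.9";
/* Refuse to talk to a server whose certificate does not verify. With
 * TLS_REQCERT never (as in the ~/.ldaprc above) StartTLS gives no protection
 * against an active attacker, because the bind password is sent to whoever
 * answers. This requires the CA (here the self-signed host.cert) to be
 * configured via TLS_CACERT or LDAP_OPT_X_TLS_CACERTFILE. */
int reqcert = LDAP_OPT_X_TLS_DEMAND;
const char *binddn = "cn=Administrator,dc=application,dc=company,dc=int";
/* Test credential only; never hard-code a real bind password. */
const char *bindpw = "secret";

result = ldap_initialize(&ldap, host);
if (result != LDAP_SUCCESS) {
    std::cerr << __LINE__ << " failed " << ldap_err2string(result) << std::endl;
    exit(EXIT_FAILURE);
}

/* StartTLS is an LDAPv3 extended operation, so request v3 explicitly. */
result = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
if (result != LDAP_SUCCESS) {
    std::cerr << __LINE__ << " failed " << ldap_err2string(result) << std::endl;
    exit(EXIT_FAILURE);
}

/* Must be set before ldap_start_tls_s(); it applies to this handle only. */
result = ldap_set_option(ldap, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
if (result != LDAP_SUCCESS) {
    std::cerr << __LINE__ << " failed " << ldap_err2string(result) << std::endl;
    exit(EXIT_FAILURE);
}

result = ldap_start_tls_s(ldap, NULL, NULL);
if (result != LDAP_SUCCESS) {
    std::cerr << __LINE__ << " failed " << ldap_err2string(result) << std::endl;
    exit(EXIT_FAILURE);
}

/* Retry only on LDAP_SERVER_DOWN; any other result (e.g. invalid
 * credentials) is final. ldap_simple_bind_s() is a deprecated API and needs
 * LDAP_DEPRECATED defined; it is kept here to match the rest of the page. */
for (int attempt = 0; attempt < 10; attempt++) {
    result = ldap_simple_bind_s(ldap, binddn, bindpw);
    if (result != LDAP_SERVER_DOWN) {
        break;
    }
}

if (result != LDAP_SUCCESS) {
    std::cerr << "LDAP: ldap_simple_bind_s() failed " << ldap_err2string(result) << std::endl;
}

/* Release the handle on both paths; the original only did so on failure. */
ldap_unbind_s(ldap);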

Command line to test the TLS setup (`-ZZ` makes StartTLS mandatory, so the search fails rather than falling back to cleartext). Returns many results in my setup:

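# -W prompts for the bind password instead of exposing it in ps(1) output and
# shell history (the original used -w secret); -ZZ makes StartTLS mandatory.
ldapsearch -H "ldap://192.168.1.9" -LLL -x -W -D "cn=Administrator,dc=application,dc=company,dc=int" -b 'dc=application,dc=company,dc=int' '(objectclass=*)' -ZZ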
