Author Topic: Working with LDAPS?  (Read 2088 times)

icsy7867

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Working with LDAPS?
« on: February 19, 2018, 09:08:09 pm »
Just curious if anyone else has this working.

I used openSSL to pull the cert being used on port 636.  I think found the correct CA cert in /var/lib/zentyal/CA/cacert.pem

I have imported these into the windows certificate store and I am trying to get a successful SSL bind on port 636 using ldp.exe in windows.  I am just curious if anyone else has gotten this to work?  I dont particularly love passwords flying around in plaintext.  For my internal home network the threat is pretty low, but I would still love getting this setup using LDAPS for my ldap programs.

Thanks!

icsy7867

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Working with LDAPS?
« Reply #1 on: February 20, 2018, 03:49:22 pm »
So other applications are actually happy, but windows LDP.exe is not (Which I am okay with for now).

I am now successfully connected via LDAPS on port 3269 using LDAP intergration on Nextcloud.

Here is what I did, just in case someone else is trying to do the same...

First, get your LDAPS certificate from your zentyal domain.  We will call this zentad1.domain.com.

Code: [Select]
echo -n | openssl s_client -connect zentad1.domain.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
You will then get a certificiate in the terminal.  You want to grab everything from BEGIN CERTIFICATE to END CERTIFICATE:

Quote
-----BEGIN CERTIFICATE-----
You will get a bunch of randomized characters here. 
This is your actual certificate.
-----END CERTIFICATE-----

You then want to save this somewhere else as a .pem file.  In the case of my Nextcloud VM running ubuntu 16.04, this was:
/etc/ssl/certs

Code: [Select]
cd /etc/ssl/certs
sudo nano zentyalad.pem

Here you will copy and paste your cert.  You can obviously use whatever text editor you want.  You can then save with Ctrl + O (using nano).

once this is saved, you need to edit your openldap conf since this is what nextcloud/owncloud uses.  In my particular instance, this file was located at /etc/ldap/ldap.conf

Using nano I added two lines:
Code: [Select]
TLS_CACERT      /etc/ssl/certs/zentyalad.pem
CertificateFile /etc/ssl/certs/zentyalad.pem

I rebooted the server, and I was able to change LDAP to LDAPS over port 3269!

*edit*

CA and LDAPS certificates can be found here:
/var/lib/samba/private/tls


« Last Edit: February 20, 2018, 06:23:57 pm by icsy7867 »

vandykmarsu

  • Zen Apprentice
  • *
  • Posts: 24
  • Karma: +0/-0
    • View Profile
Re: Working with LDAPS?
« Reply #2 on: June 27, 2022, 01:34:12 pm »

*edit*

CA and LDAPS certificates can be found here:
/var/lib/samba/private/tls

CA certificate can be found here:

Code: [Select]
/var/lib/zentyal/CA/private
For an trusted certificate you can follow the explanation on the Let's encrypt line:

Let's encrypt