Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: icsy7867 on February 19, 2018, 09:08:09 pm
-
Just curious if anyone else has this working.
I used openSSL to pull the cert being used on port 636. I think I found the correct CA cert in /var/lib/zentyal/CA/cacert.pem
I have imported these into the windows certificate store and I am trying to get a successful SSL bind on port 636 using ldp.exe in windows. I am just curious if anyone else has gotten this to work? I don't particularly love passwords flying around in plaintext. For my internal home network the threat is pretty low, but I would still love getting this setup using LDAPS for my ldap programs.
Thanks!
-
So other applications are actually happy, but windows LDP.exe is not (Which I am okay with for now).
I am now successfully connected via LDAPS on port 3269 using LDAP integration on Nextcloud.
Here is what I did, just in case someone else is trying to do the same...
First, get your LDAPS certificate from your zentyal domain. We will call this zentad1.domain.com.
echo -n | openssl s_client -connect zentad1.domain.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
You will then get a certificate in the terminal. You want to grab everything from BEGIN CERTIFICATE to END CERTIFICATE:
-----BEGIN CERTIFICATE-----
You will get a bunch of randomized characters here.
This is your actual certificate.
-----END CERTIFICATE-----
You then want to save this somewhere else as a .pem file. In the case of my Nextcloud VM running ubuntu 16.04, this was:
/etc/ssl/certs
cd /etc/ssl/certs
sudo nano zentyalad.pem
Here you will copy and paste your cert. You can obviously use whatever text editor you want. You can then save with Ctrl + O (using nano).
Once this is saved, you need to edit your openldap conf since this is what nextcloud/owncloud uses. In my particular instance, this file was located at /etc/ldap/ldap.conf
Using nano I added two lines:
TLS_CACERT /etc/ssl/certs/zentyalad.pem
CertificateFile /etc/ssl/certs/zentyalad.pem
I rebooted the server, and I was able to change LDAP to LDAPS over port 3269!
*edit*
CA and LDAPS certificates can be found here:
/var/lib/samba/private/tls
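The procedure above, as an added example that is not the poster's own script: it extracts only the PEM blocks from the openssl output, and verifies the server certificate against the Zentyal CA (the thread's /var/lib/zentyal/CA/cacert.pem, assumed copied to the client as /etc/ssl/certs/zentyal-ca.pem) rather than trusting the leaf itself. The host name zentad1.domain.com is the thread's placeholder; the environment variables and the zentyal-ca.pem path are assumptions.

```shell
#!/bin/sh
# Added example, not from the forum thread. Assumes the Zentyal host
# zentad1.domain.com (placeholder from the thread), LDAPS on 636, and the
# CA cert copied from /var/lib/zentyal/CA/cacert.pem on the server to
# /etc/ssl/certs/zentyal-ca.pem on the client (assumed path).
set -eu

HOST="${ZENTYAL_HOST:-zentad1.domain.com}"
PORT="${ZENTYAL_PORT:-636}"
CA_FILE="${ZENTYAL_CA:-/etc/ssl/certs/zentyal-ca.pem}"

# Keep only the PEM certificate blocks from whatever s_client prints;
# handshake chatter and "Verify return code" lines are dropped.
extract_pem() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Count certificates in PEM text on stdin: the server may send the leaf
# alone or the whole chain, and the count tells you which you got.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Pull every certificate the server presents (-showcerts), with SNI set
# so a name-based virtual host returns the right one.
fetch_chain() {
    echo -n | openssl s_client -connect "$HOST:$PORT" -servername "$HOST" \
        -showcerts 2>/dev/null | extract_pem
}

# Check the leaf against the CA instead of pinning the leaf as TLS_CACERT:
# a pinned leaf works until it is renewed, then every bind fails.
verify_against_ca() {
    echo -n | openssl s_client -connect "$HOST:$PORT" -servername "$HOST" \
        -CAfile "$CA_FILE" 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

# Client-side /etc/ldap/ldap.conf lines; TLS_REQCERT demand makes a
# failed chain check fatal instead of a silent fallback.
ldap_conf_lines() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

case "${1:-}" in
    fetch)  fetch_chain ;;
    verify) verify_against_ca && echo "chain verifies against $CA_FILE" ;;
    conf)   ldap_conf_lines "$CA_FILE" ;;
esac
```

Run with `fetch` to save the chain, `verify` after copying the CA file to the client, and `conf` to print the lines to append to ldap.conf.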
-
CA certificate can be found here:
/var/lib/zentyal/CA/private
For a trusted certificate you can follow the explanation on the Let's encrypt line:
Let's encrypt (https://doc.zentyal.org/en/ca.html)