LDAP with TLS and CA certificates

If you try to set up your own CA, you might notice that not all applications support your new, self-signed certificate out of the box. One example I would like to show here is Apache AuthLDAP.

This assumes you have already:

  • installed your certificates in /etc/ssl/certs/
  • run c_rehash

Insert the following line into /etc/ldap.conf:

tls_cacertdir /etc/ssl/certs

…and the following lines into /etc/openldap/ldap.conf:

TLS_CACERTDIR   /etc/ssl/certs/
TLS_REQCERT     allow

To test whether everything works as expected, run the following command (substitute your own search options); -ZZ makes ldapsearch issue a StartTLS request and abort unless the TLS negotiation succeeds:
ldapsearch -ZZ -x uid=foo -b dc=example,dc=com
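As an added example (not code from the original post), here is a small Python linter for the ldap.conf settings above. It assumes the ldap.conf(5) semantics of TLS_REQCERT: with "allow" the session proceeds even when the server presents a bad or missing certificate, so the check flags it, whereas "demand" (the default) would refuse the connection; it also assumes the <hash>.N link names that c_rehash creates in TLS_CACERTDIR.

```python
"""Lint the TLS client settings of an OpenLDAP-style ldap.conf (added example)."""
import re
from pathlib import Path

# TLS_REQCERT levels per ldap.conf(5); 'demand' is the default when unset.
# With 'never' or 'allow' a bad or missing server certificate is ignored.
UNVERIFIED = {"never", "allow"}
VALID_LEVELS = UNVERIFIED | {"try", "demand", "hard"}
# c_rehash names its links <8 hex digit subject hash>.<n>, e.g. 2e5ac55d.0
HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")


def parse_ldap_conf(text):
    """Parse 'KEY value' lines ('#' comments) into a dict; keys upper-cased, last wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        settings[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return settings


def has_rehash_links(names):
    """True if the directory listing contains at least one c_rehash-style link."""
    return any(HASH_LINK.match(n) for n in names)


def lint_tls(settings, check_dir=True):
    """Return a list of findings; an empty list means the client verifies the server."""
    findings = []
    level = settings.get("TLS_REQCERT", "demand").lower()
    if level not in VALID_LEVELS:
        findings.append(f"unknown TLS_REQCERT level '{level}'")
    elif level in UNVERIFIED:
        findings.append(f"TLS_REQCERT {level}: bad or missing server certificate "
                        "is ignored, so the server is not authenticated")
    elif level == "try":
        findings.append("TLS_REQCERT try: a missing server certificate is ignored")
    cadir, cafile = settings.get("TLS_CACERTDIR"), settings.get("TLS_CACERT")
    if not cadir and not cafile:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: nothing to verify the server against")
    elif cadir and check_dir:
        path = Path(cadir)
        names = [p.name for p in path.iterdir()] if path.is_dir() else []
        if not has_rehash_links(names):
            findings.append(f"{cadir}: no <hash>.N links; run c_rehash {cadir}")
    return findings
```

Running lint_tls(parse_ldap_conf(open("/etc/openldap/ldap.conf").read())) on the configuration from this post reports the "allow" level; switching to "demand" clears it once the CA directory has been rehashed.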


About Lars Vogdt

This is the private blog space of Lars Vogdt; the topics will be primarily work-related.
This entry was posted in network, openSUSE, SUSE Linux Enterprise.
