Re: [Freeipa-users] How to secure the access to ldap with IPA

2016-01-08 Thread bahan w
Re.

I installed the server like this:

###
ipa-server-install -r  -n  --hostname=
-p '' -a '' --no-ntp --no-ssh --no-sshd -U
###

And for the clients:
###
ipa-client-install --domain= --realm= --fixed-primary
--server= --principal=admin --password=''
--mkhomedir --hostname= --no-ntp --no-ssh --no-sshd
--unattended --force-join
###

And when I check the /etc/openldap/ldap.conf, indeed:
###
#File modified by ipa-client-install

URI ldaps://
BASE dc=
TLS_CACERT /etc/ipa/ca.crt
###

So yes it is already enabled ^_^.
Thank you for your answer.

Best regards.

Bahan
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
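
A repeatable form of the ldap.conf check described in the message above, as an added example that is not part of the original post or of FreeIPA. The function name `audit_ldap_conf` and the hostname `ipa.example.test` are made up for illustration; the sample file is constructed in the layout quoted in the message.

```shell
#!/bin/sh
# Audit an OpenLDAP client config (ldap.conf format) for TLS use.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
# audit_ldap_conf is a hypothetical helper name, not an IPA or OpenLDAP tool.
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            key = toupper($1)                 # ldap.conf keywords are case-insensitive
            if (key == "URI") {
                seen_uri = 1
                for (i = 2; i <= NF; i++)     # one URI line may list several servers
                    if (tolower($i) !~ /^(ldaps|ldapi):\/\//) {
                        # plain ldap:// is flagged: the config file alone
                        # cannot show that the client will use StartTLS
                        print "FAIL cleartext-capable URI: " $i; bad = 1
                    }
            } else if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") {
                seen_ca = 1
            } else if (key == "TLS_REQCERT") {
                v = tolower($2)
                if (v == "never" || v == "allow") {
                    print "FAIL TLS_REQCERT " v " does not enforce certificate verification"
                    bad = 1
                }
            }
        }
        END {
            if (!seen_uri) { print "FAIL no URI line"; bad = 1 }
            if (!seen_ca)  { print "FAIL no TLS_CACERT or TLS_CACERTDIR"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample in the layout ipa-client-install writes (hostname is made up).
sample=$(mktemp)
printf '%s\n' '#File modified by ipa-client-install' '' \
    'URI ldaps://ipa.example.test' 'BASE dc=example,dc=test' \
    'TLS_CACERT /etc/ipa/ca.crt' > "$sample"
audit_ldap_conf "$sample" && echo "OK: $sample uses ldaps:// with a CA certificate"
```

On a real client, pass `/etc/openldap/ldap.conf` as the argument instead of the constructed sample.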

Re: [Freeipa-users] How to secure the access to ldap with IPA

2016-01-08 Thread Martin Kosek
On 01/08/2016 11:58 AM, bahan w wrote:
> Hello !
> 
> I configured my IPA server 3.0.0.42 without SSL/TLS access to the LDAP and
> I would like to enable this for the ldap.
> 
> Is there something specific to use with FreeIPA or may I follow the DS389
> doc
> http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html#configuring-tlsssl-enabled-389-directory-server
> ?
> 
> Best regards.
> 
> Bahan

Hello,

How did you again configure FreeIPA LDAP without SSL/TLS access? This is a
mandatory part of FreeIPA LDAP configuration, we always enable TLS, AFAIK.

BTW, did you consider moving to RHEL-7? It has a much newer and cooler FreeIPA
version there :-)



[Freeipa-users] How to secure the access to ldap with IPA

2016-01-08 Thread bahan w
Hello !

I configured my IPA server 3.0.0.42 without SSL/TLS access to the LDAP and
I would like to enable this for the ldap.

Is there something specific to use with FreeIPA or may I follow the DS389
doc
http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html#configuring-tlsssl-enabled-389-directory-server
?

Best regards.

Bahan