Blog

dpkg-reconfigure slapd
 
slapcat
 
ldapadd -x -D "cn=admin,dc=abc,dc=app" -W -f ldap/01_add_init.ldif
 
openssl s_client -connect abc.app:8080 -showcerts | head
openssl s_client -connect localhost:636 -showcerts
 
openssl x509 -outform der -in /etc/letsencrypt/live/abc.app/fullchain.pem -out /etc/ldap/sasl2/abc.crt
openssl pkey -in /etc/letsencrypt/live/abc.app/privkey.pem -out /etc/ldap/sasl2/abc.key
cp /etc/ssl/certs/ca-certificates.crt /etc/ldap/sasl2
chown -R openldap. /etc/ldap/sasl2
 
cp /etc/letsencrypt/live/abc.app/fullchain.pem /etc/ldap/abc_crt.pem
chmod +r /etc/ldap/abc_crt.pem
cp /etc/letsencrypt/live/abc.app/privkey.pem /etc/ldap/abc_key.pem
chmod +r /etc/ldap/abc_key.pem
 
ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap/02_modify_ssl.ldif
 
vim /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
 
systemctl restart slapd
 
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
 
ldapwhoami -x -H ldaps://abc.app
anonymous
 
journalctl -efu slapd
 
ufw allow 636
ufw reload
 
ufw status numbered
ufw delete 9999