OpenLDAP unter Ubuntu 22.04
LDAP and Transport Layer Security
LDIF-Dateien verwenden
OpenLDAP memberOf overlay
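# OpenLDAP (slapd) with LDAPS: command notes, run step by step as root.
# Several steps are interactive, so this is not an unattended script.

# --- Base setup -------------------------------------------------------------
# Re-run the package configuration dialog (interactive).
dpkg-reconfigure slapd
# Dump the database as LDIF. The dump bypasses ACLs and can include
# userPassword hashes, so do not redirect it into a world-readable file.
slapcat
# Load the initial entries. -x is a simple bind, -W prompts for the password.
# No -H is given, so the URI comes from ldap.conf; until TLS works, run this
# on the server itself so the password does not cross the network in clear.
ldapadd -x -D "cn=admin,dc=abc,dc=app" -W -f ldap/01_add_init.ldif

# --- Inspect the certificates currently served -------------------------------
# </dev/null closes stdin so s_client exits after the handshake.
# s_client keeps going when verification fails: read "Verify return code".
openssl s_client -connect abc.app:8080 -showcerts </dev/null | head
openssl s_client -connect localhost:636 -showcerts </dev/null

# --- Certificate material for slapd ------------------------------------------
# NOTE(review): x509 reads only the first certificate in fullchain.pem and
# -outform der writes it in binary DER, so abc.crt is the leaf certificate
# without intermediates. Confirm that 02_modify_ssl.ldif expects this file.
openssl x509 -outform der -in /etc/letsencrypt/live/abc.app/fullchain.pem -out /etc/ldap/sasl2/abc.crt
# Unencrypted PEM copy of the private key (no cipher option is given).
openssl pkey -in /etc/letsencrypt/live/abc.app/privkey.pem -out /etc/ldap/sasl2/abc.key
cp /etc/ssl/certs/ca-certificates.crt /etc/ldap/sasl2
# "openldap:" means user openldap plus its login group; it replaces the
# legacy trailing-dot spelling "openldap.".
chown -R openldap: /etc/ldap/sasl2
chmod 600 /etc/ldap/sasl2/abc.key

cp /etc/letsencrypt/live/abc.app/fullchain.pem /etc/ldap/abc_crt.pem
chmod +r /etc/ldap/abc_crt.pem   # certificate is public, world-readable is fine
# Private key: readable by the slapd service account only. A world-readable
# key lets any local user impersonate the server.
cp /etc/letsencrypt/live/abc.app/privkey.pem /etc/ldap/abc_key.pem
chmod 600 /etc/ldap/abc_key.pem
chown openldap: /etc/ldap/abc_key.pem
# These are copies: they go stale when the Let's Encrypt certificate renews.
# Repeat the copy and restart slapd on renewal (e.g. from a renewal hook).

# --- Enable TLS in slapd ------------------------------------------------------
# SASL EXTERNAL over the local ldapi socket binds as the calling OS user.
# Presumably the LDIF sets the TLS certificate/key attributes (file not shown).
ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap/02_modify_ssl.ldif
# Edit the service defaults (interactive); the next line is the value to set.
# ldap:/// keeps the clear-text listener on all interfaces. Consider
# ldap://127.0.0.1/ if remote clients should only ever use ldaps.
vim /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
systemctl restart slapd

# --- Verify -------------------------------------------------------------------
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
ldapwhoami -x -H ldaps://abc.app
# expected output: anonymous
# This confirms the LDAPS handshake works. It also shows that anonymous binds
# are accepted; decide whether that is intended.
journalctl -efu slapd   # follows the log; Ctrl-C to stop

# --- Firewall -----------------------------------------------------------------
# LDAPS is TCP only; a bare "636" would open UDP as well. To limit exposure
# further: ufw allow from <trusted-subnet> to any port 636 proto tcp
ufw allow 636/tcp
ufw reload
ufw status numbered
# 9999 looks like a placeholder: use a rule number from the listing above.
ufw delete 9999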
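# OpenLDAP (slapd) with LDAPS: command notes, run step by step as root.
# Several steps are interactive, so this is not an unattended script.

# --- Base setup -------------------------------------------------------------
# Re-run the package configuration dialog (interactive).
dpkg-reconfigure slapd
# Dump the database as LDIF. The dump bypasses ACLs and can include
# userPassword hashes, so do not redirect it into a world-readable file.
slapcat
# Load the initial entries. -x is a simple bind, -W prompts for the password.
# No -H is given, so the URI comes from ldap.conf; until TLS works, run this
# on the server itself so the password does not cross the network in clear.
ldapadd -x -D "cn=admin,dc=abc,dc=app" -W -f ldap/01_add_init.ldif

# --- Inspect the certificates currently served -------------------------------
# </dev/null closes stdin so s_client exits after the handshake.
# s_client keeps going when verification fails: read "Verify return code".
openssl s_client -connect abc.app:8080 -showcerts </dev/null | head
openssl s_client -connect localhost:636 -showcerts </dev/null

# --- Certificate material for slapd ------------------------------------------
# NOTE(review): x509 reads only the first certificate in fullchain.pem and
# -outform der writes it in binary DER, so abc.crt is the leaf certificate
# without intermediates. Confirm that 02_modify_ssl.ldif expects this file.
openssl x509 -outform der -in /etc/letsencrypt/live/abc.app/fullchain.pem -out /etc/ldap/sasl2/abc.crt
# Unencrypted PEM copy of the private key (no cipher option is given).
openssl pkey -in /etc/letsencrypt/live/abc.app/privkey.pem -out /etc/ldap/sasl2/abc.key
cp /etc/ssl/certs/ca-certificates.crt /etc/ldap/sasl2
# "openldap:" means user openldap plus its login group; it replaces the
# legacy trailing-dot spelling "openldap.".
chown -R openldap: /etc/ldap/sasl2
chmod 600 /etc/ldap/sasl2/abc.key

cp /etc/letsencrypt/live/abc.app/fullchain.pem /etc/ldap/abc_crt.pem
chmod +r /etc/ldap/abc_crt.pem   # certificate is public, world-readable is fine
# Private key: readable by the slapd service account only. A world-readable
# key lets any local user impersonate the server.
cp /etc/letsencrypt/live/abc.app/privkey.pem /etc/ldap/abc_key.pem
chmod 600 /etc/ldap/abc_key.pem
chown openldap: /etc/ldap/abc_key.pem
# These are copies: they go stale when the Let's Encrypt certificate renews.
# Repeat the copy and restart slapd on renewal (e.g. from a renewal hook).

# --- Enable TLS in slapd ------------------------------------------------------
# SASL EXTERNAL over the local ldapi socket binds as the calling OS user.
# Presumably the LDIF sets the TLS certificate/key attributes (file not shown).
ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap/02_modify_ssl.ldif
# Edit the service defaults (interactive); the next line is the value to set.
# ldap:/// keeps the clear-text listener on all interfaces. Consider
# ldap://127.0.0.1/ if remote clients should only ever use ldaps.
vim /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
systemctl restart slapd

# --- Verify -------------------------------------------------------------------
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
ldapwhoami -x -H ldaps://abc.app
# expected output: anonymous
# This confirms the LDAPS handshake works. It also shows that anonymous binds
# are accepted; decide whether that is intended.
journalctl -efu slapd   # follows the log; Ctrl-C to stop

# --- Firewall -----------------------------------------------------------------
# LDAPS is TCP only; a bare "636" would open UDP as well. To limit exposure
# further: ufw allow from <trusted-subnet> to any port 636 proto tcp
ufw allow 636/tcp
ufw reload
ufw status numbered
# 9999 looks like a placeholder: use a rule number from the listing above.
ufw delete 9999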