3. Configure the Administration Server to connect to an SSL-enabled Directory
   Server. For information, see Managing Servers with Red Hat Console.
4. Optionally, ensure that each user of the Directory Server obtains and installs a
   personal certificate for all clients that will authenticate with SSL. For
   information, see "Configuring LDAP Clients to Use SSL," on page 437.

For a complete description of SSL, Internet security, and certificates, check the
appendixes included in Managing Servers with Red Hat Console.

Command-Line Functions for Start TLS

You can specify that LDAP operations such as ldapmodify, ldapdelete, and
ldapsearch use SSL/TLS when communicating with an SSL-enabled server or use
certificate authentication. Using the command-line options, you can also specify
or enforce Start TLS, which allows a secure connection to be enabled on a
cleartext port after a session has been initiated.

In the following example, a network administrator enforces Start TLS for a search
for Mike Connor's identification number:

ldapsearch -p 389 -ZZZ -P certificateDB -N certificate_name -s base -b "uid=mconnors" "(attribute=govIdNumber)"

where -ZZZ enforces Start TLS, certificateDB gives the filename and path to the
certificate database, and certificate_name is the certificate.

NOTE
The -ZZZ option enforces the use of Start TLS, and the server must respond that a
Start TLS command was successful. If you use the -ZZZ option and the server does
not support Start TLS, the operation is aborted immediately.

For information on the command-line options available, see the Red Hat Directory
Server Configuration, Command, and File Reference.

Troubleshooting Start TLS

With the -ZZ option, the following errors could occur:

Chapter 11 Managing SSL and SASL 419
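To show what "the server must respond that a Start TLS command was successful" means on the wire, here is an added Python example for this page. It is not code from the Red Hat Directory Server documentation or from its ldapsearch tool. It hand-encodes the LDAPv3 Start TLS ExtendedRequest, parses the ExtendedResponse, and applies the same fail-closed rule the text attributes to -ZZZ: any resultCode other than success aborts the operation instead of letting it continue on the cleartext port. The function names, the StartTLSRefused exception and the two sample server replies are constructed for this example; the byte layouts follow RFC 4511.

```python
"""LDAPv3 Start TLS exchange (RFC 4511 section 4.14) with the fail-closed rule
the text attributes to ldapsearch -ZZZ.

Added example for this page, not code from Red Hat Directory Server. The two
server replies near the end are constructed byte strings, not captured traffic.
"""
import ssl

START_TLS_OID = "1.3.6.1.4.1.1466.20037"  # Start TLS extended operation (RFC 4511)
RESULT_NAMES = {0: "success", 2: "protocolError", 52: "unavailable", 53: "unwillingToPerform"}


class StartTLSRefused(Exception):
    """Server did not confirm Start TLS: the client aborts rather than stay in cleartext."""


# ---- minimal BER helpers (enough for an LDAPMessage; small integers only) ----
def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def read_tlv(buf, pos=0):
    """Return (tag, value, position after this TLV) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length


# ---- request: LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] } ----
def start_tls_request(message_id=1):
    # 0x77 = constructed APPLICATION 23; 0x80 = requestName [0] LDAPOID
    ext_req = tlv(0x77, tlv(0x80, START_TLS_OID.encode()))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext_req)


# ---- response: ExtendedResponse [APPLICATION 24] = LDAPResult + responseName ----
def parse_start_tls_response(msg):
    """Return (messageID, resultCode, diagnosticMessage)."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, ext, _ = read_tlv(body, pos)
    if tag != 0x78:  # 0x78 = constructed APPLICATION 24
        raise ValueError("expected ExtendedResponse, got tag 0x%02x" % tag)
    _, code, pos = read_tlv(ext)           # resultCode ENUMERATED
    _, _matched, pos = read_tlv(ext, pos)  # matchedDN
    _, diag, _ = read_tlv(ext, pos)        # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def require_start_tls(msg, expected_id=1):
    """The -ZZZ rule: only resultCode success lets the session proceed."""
    mid, code, diag = parse_start_tls_response(msg)
    if mid != expected_id:
        raise StartTLSRefused("reply carries unexpected messageID %d" % mid)
    if code != 0:
        raise StartTLSRefused("Start TLS refused: %s (%d) %s"
                              % (RESULT_NAMES.get(code, "unknown"), code, diag))
    return True


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection during Start TLS")
        buf += chunk
    return buf


def upgrade_socket(sock, host, cafile=None):
    """Send Start TLS over a cleartext LDAP socket (port 389) and wrap it in TLS
    only after the server's success reply; any other reply aborts."""
    sock.sendall(start_tls_request())
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        head += _recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(head[2:], "big")
    else:
        length = head[1]
    require_start_tls(head + _recv_exact(sock, length))
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the server certificate chain
    return ctx.wrap_socket(sock, server_hostname=host)


# ---- constructed sample replies (not captured from a real server) ----
def sample_reply(result_code, diag=b"", message_id=1):
    result = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diag)
    ext = tlv(0x78, result + tlv(0x8A, START_TLS_OID.encode()))  # 0x8A = responseName [10]
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext)


OK_REPLY = sample_reply(0)
REFUSED_REPLY = sample_reply(52, b"TLS is not available on this server")

if __name__ == "__main__":
    print(start_tls_request().hex())
    print(require_start_tls(OK_REPLY))
    try:
        require_start_tls(REFUSED_REPLY)
    except StartTLSRefused as err:
        print("aborted:", err)
```

The two sample replies exercise the decision the NOTE describes: the success reply lets the client proceed to the TLS handshake, the "unavailable" reply raises immediately and nothing further is sent on the cleartext port. upgrade_socket is the same check applied to a live socket connected to port 389; it is not driven by the samples, and its certificate verification (server_hostname plus the CA file) is the client-side counterpart of the -P certificate database the page's ldapsearch line passes.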