Allowing/Requiring Client Authentication; Configuring LDAP Clients to Use SSL - Red Hat Directory Server 7.1 Administrator's Manual

4. Map the certificate's distinguished name to a distinguished name known by
   your directory.
   This allows you to set access control for the client when it binds using this
   certificate. This mapping process is described in Managing Servers with Red Hat
   Console.

Allowing/Requiring Client Authentication

If you have configured Red Hat Console to connect to your Directory Server using
SSL and your Directory Server requires client authentication, you can no longer use
Red Hat Console to manage server applications. You will have to use the
appropriate command-line utilities instead.
However, if at a later date you wish to change your directory configuration to no
longer require but allow client authentication, so that you can use Red Hat Console,
you must follow these steps:
1. Stop Directory Server.
   For information on stopping and starting the server from the command-line,
   see "Starting and Stopping the Server from the Command-Line," on page 38.
2. Modify the cn=encryption,cn=config entry by changing the value of the
   nsSSLClientAuth attribute from required to allowed.
   For information on modifying entries from the command-line, see chapter 2,
   "Creating Directory Entries."
3. Start Directory Server.
You can now start Red Hat Console.

Configuring LDAP Clients to Use SSL

If you want all the users of your Directory Server to use SSL or certificate-based
authentication when they connect using LDAP client applications, you must make
sure they perform the following tasks:
Create a certificate database.
Trust the Certificate Authority (CA) that issues the server certificate.
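
For step 2 of the procedure under Allowing/Requiring Client Authentication, the following shell function is an added example, not taken from the manual: it rewrites LDIF text so that nsSSLClientAuth changes from required to allowed only inside the cn=encryption,cn=config entry. It assumes the entry is available as unfolded LDIF on standard input; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual.
# Reads LDIF on stdin, writes it to stdout, and changes
# nsSSLClientAuth from "required" to "allowed" only inside the
# cn=encryption,cn=config entry. Exits 3 if nothing was changed,
# so a caller can tell "entry missing or already relaxed" from success.
# Assumes unfolded LDIF (no continuation lines in the lines matched).
relax_client_auth() {
    awk '
    /^$/ { in_entry = 0; print; next }            # blank line ends an entry
    tolower($0) ~ /^dn:[ ]*cn=encryption,[ ]*cn=config[ ]*$/ {
        in_entry = 1; print; next                 # target entry starts
    }
    tolower($0) ~ /^dn:/ { in_entry = 0 }         # any other entry
    in_entry && tolower($0) ~ /^nssslclientauth:[ ]*required[ ]*$/ {
        print "nsSSLClientAuth: allowed"; changed = 1; next
    }
    { print }
    END { if (!changed) exit 3 }
    '
}

# Constructed sample input; the second entry is a decoy that shows the
# edit is scoped to cn=encryption,cn=config.
sample_ldif() {
    cat <<'EOF'
dn: cn=encryption,cn=config
cn: encryption
nsSSLClientAuth: required

dn: cn=decoy,cn=example
cn: decoy
nsSSLClientAuth: required
EOF
}

sample_ldif | relax_client_auth
```

The non-zero exit status when no line was changed lets a wrapper stop before the server is restarted with client authentication still required.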
Chapter 11. Managing SSL and SASL 437
