Configuring ldap client, need cert

I am configuring my first SLES11SP2 server today and the LDAP configuration has got me stopped in my tracks. There’s a new button on the “yast2 ldap” screen that is “Download CA Certificate” and a new section in the Advanced page that has a blank for Certificate Directory and CA Certificate File. How and where do I get the information needed for these? I really need more information about certificates in SLES in general if anyone has a link for documentation of same. I’m clueless when it comes to certs and how they are used and where they come from, etc.

Thanks,
Toney.

Hi
Your subject is confusing: LDAP client, or are you talking about an LDAP
server?

If it’s a server, then all is normally done during the install (CA Root
Certificate).


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.13-0.27-default
up 1 day 3:54, 2 users, load average: 0.00, 0.01, 0.05
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

[QUOTE=malcolmlewis;3485]Your subject is confusing: LDAP client, or are you talking about an LDAP
server?[/QUOTE]

LDAP client.

-Toney.

Hi
Have a read here;
http://www.suse.com/documentation/sles11/singlehtml/book_security/book_security.html#sec.ldap.yast.client
http://www.suse.com/documentation/sles11/singlehtml/book_security/book_security.html#sec.ldap.yast.client.conf.basic

The certificates should come from the LDAP server you're connecting to
(if they are needed).


Cheers Malcolm °¿° (Linux Counter #276890)

Ok. I unchecked the TLS/SSL box and was able to continue. Thanks!

However… If I want to use SSL I’ll need the cert. I understand that they need to come from the LDAP server, but where? It asks for a “CA Certificate URL for Download”, what should that URL be? I’ve tried http://LDAPServerName and https://LDAPServerName but neither works.

Thanks,
Toney.

The Internet is great. I was trying to get this fixed today and thought I would come here and post the question only to find that I already did it!

Specifically, I need more information on section 4.4.1.4.

:smiley:
Toney.

I know it’s an old thread, but I have come across questions like this before. The first tab/page where you can click “Download CA Certificate” is used to retrieve a certificate that you have already exported and placed somewhere.
Then, when you go into the “Advanced Configuration”, you have 2 options: “Certificate Directory” and “CA Certificate file”. So the first allows you to choose a folder to store multiple Certificates (in a folder), the other allows you to select a specific issuing CA certificate for the connection… that’s how I understand it. So in any case, I would say, you need to export the certificate first; you can’t use the config tool to connect and then store the certificate locally.
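
The difference between the two Advanced Configuration fields described in the last post, shown with the OpenSSL command-line tool as an added example that is not part of the thread. It builds a throwaway CA and server certificate (all names and paths are constructed) and checks the server certificate against a single CA file and against a certificate directory; it assumes the client's TLS library does OpenSSL-style directory lookup, which finds a CA only through a hash-named link.

```shell
#!/bin/sh
# Added example. The CA, host name and paths are constructed for the demo.
set -eu

# Build a throwaway CA and a server certificate signed by it in directory $1.
make_pki() {
    d=$1; mkdir -p "$d/cadir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo LDAP CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# "CA Certificate File": one PEM file holding the issuing CA.
verify_cafile() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>/dev/null | grep -q ': OK$'
}

# "Certificate Directory": certificates are looked up by subject hash, not file name.
verify_cadir() {
    openssl verify -CApath "$1/cadir" "$1/srv.pem" 2>/dev/null | grep -q ': OK$'
}

# Copy the exported CA certificate into the directory under an arbitrary name.
copy_ca() { cp "$1/ca.pem" "$1/cadir/exported-ca.pem"; }

# Add the <hash>.0 link that OpenSSL's directory lookup expects.
hash_ca() {
    h=$(openssl x509 -noout -hash -in "$1/cadir/exported-ca.pem")
    ln -sf exported-ca.pem "$1/cadir/$h.0"
}

demo() {
    t=$(mktemp -d); make_pki "$t"
    verify_cafile "$t" && echo "CA file: server certificate verifies"
    copy_ca "$t"
    verify_cadir "$t" || echo "CA dir without hash link: issuer not found"
    hash_ca "$t"
    verify_cadir "$t" && echo "CA dir with hash link: server certificate verifies"
    rm -rf "$t"
}
demo
```

With a real server, `ca.pem` is the CA certificate exported from the LDAP server's side, and the same two checks tell you whether the file or directory you point the client at will validate the server before you re-enable TLS/SSL.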