fourmutts - Fri, 2014/02/28 - 00:24
I would like to set up an SSL cert on OpenLDAP for external connections but have OpenLDAP act as a proxy to AD via port 389.
On my firewall I will only allow privileged IPs to connect to the OpenLDAP server. This is for vendors wanting to use single sign-on, but we do not have a CAS server. Is the above scenario possible?
Should be doable
Not sure if this is the best way, but I would leave your server set up for both SSL and non-SSL connections. Then use the Linux Firewall (IPTables - preinstalled in TKL and configurable via Webmin using the 'Linux Firewall' UI) to block all connections to the non-SSL port, except from specified hosts (or range of hosts...)
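The rule set the reply above describes, written out as an added example (this is not code from the original thread or from the TurnKey appliance): LDAPS on 636/tcp stays open to whatever the edge firewall lets through, while plain LDAP on 389/tcp is accepted only from an allow-list and dropped otherwise. The script prints the iptables commands rather than running them, so the rule set can be reviewed first; the port numbers are the IANA defaults, and the allow-list addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: generate iptables rules that
# restrict plain LDAP (389/tcp) to an allow-list while leaving LDAPS (636/tcp)
# open. Pipe the output into `sudo sh` to apply it.

LDAP_PORT=389    # plain LDAP, only the allow-listed sources may reach it
LDAPS_PORT=636   # LDAP over SSL/TLS, reachable from any source the edge allows

# ldap_rules SOURCE...  - print the rules for the given allow-listed sources.
# Order matters: the per-source ACCEPT rules must precede the catch-all DROP.
ldap_rules() {
    for src in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' \
            "$LDAP_PORT" "$src"
    done
    # Everything else that targets plain LDAP is dropped.
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$LDAP_PORT"
    # LDAPS is accepted from anywhere; the edge firewall narrows the sources.
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$LDAPS_PORT"
}

# count_ldap_accepts SOURCE...  - sanity check: how many plain-LDAP ACCEPT
# rules the generator emitted (should equal the number of sources given).
count_ldap_accepts() {
    ldap_rules "$@" | grep -c -- "--dport $LDAP_PORT .* -j ACCEPT"
}

# Constructed allow-list: an internal subnet plus one admin host.
ldap_rules 10.0.1.0/24 10.0.2.15
```

If the INPUT chain already ends with a catch-all REJECT or DROP (Webmin's Linux Firewall module often leaves one there), appending with `-A` would place these rules after it and they would never match; in that case insert them at the top with `-I INPUT` in reverse order, or add them through the Webmin UI above the existing catch-all.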
Thanks. I will use the
Thanks. I will use the firewall (IPTables) and on my Edge firewall, I was only going to allow SSL connections from the outside.
Is OpenLDAP set up initially for SSL connections, or do I need to install the cert?
I have not used OpenLDAP appliance
So I can't give detailed comment. However assuming it is consistent with other TKL appliances (which I have no reason to doubt) then SSL is enabled by default and a unique (self-signed) certificate is auto-generated on firstboot (i.e. first time the appliance boots).