OpenLDAP Admin

Introduction

OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project.

Installation

  1. Request Firewall Rule. Send the hostname of your LDAP client machine to the EIS auth team. Ask them to add a firewall rule to allow your LDAP client machine to contact the UB secure LDAP server or you'll see errors like:


    ldap_bind: Can't contact LDAP server (-1)

  2. Install the OpenLDAP client software and configure it system-wide. On a UB FreeBSD system, /usr/local/etc/openldap/ldap.conf contains:
    
    #
    # LDAP Defaults
    #
    
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    
    #BASE   dc=example, dc=com
    BASE    dc=buffalo, dc=edu
    #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    URI     ldaps://128.205.5.3:636
    
    # Mark Valites from EIS told us about this fix.
    # Note: with 'allow' the session continues even when the server certificate
    # is missing or fails verification; 'demand' (the default) together with
    # TLS_CACERT pointing at the UB CA certificate actually verifies the server.
    TLS_REQCERT allow
    
    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    
    
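Before running the tests in the next section, the ldap.conf above can be checked for settings that weaken the TLS session to the directory server. The following is an added shell example, not part of the original page: it reads the effective URI and TLS_REQCERT values from a constructed copy of the page's config, flags the settings under which the server certificate is never verified, and builds a hardened variant for comparison. The TLS_CACERT path used for the hardened variant is a placeholder.

```shell
# Added example, not from the original page: audit an OpenLDAP client
# ldap.conf for settings that weaken the TLS session to the directory server.

# conf_value FILE KEY: effective value of KEY (last uncommented line wins).
conf_value() {
    sed -e 's/#.*//' "$1" | awk -v key="$2" '$1 == key { v = $2 } END { print v }'
}

# check_ldap_conf FILE: print one finding per weak setting; return 1 if any.
check_ldap_conf() {
    rc=0
    reqcert=$(conf_value "$1" TLS_REQCERT)
    uri=$(conf_value "$1" URI)
    case "$reqcert" in
        never|allow)
            # With never/allow the client proceeds even when the server
            # certificate is absent or fails verification, so any host on
            # the path could answer the bind with its own certificate.
            echo "TLS_REQCERT $reqcert: server certificate not verified; use demand plus TLS_CACERT"
            rc=1 ;;
    esac
    case "$uri" in
        ldaps://*) ;;
        ldap://*)
            echo "URI $uri: plaintext LDAP unless every command forces STARTTLS (-ZZ)"
            rc=1 ;;
        *)
            echo "URI missing or unrecognised: '$uri'"
            rc=1 ;;
    esac
    return $rc
}

# write_conf REQCERT [CACERT]: constructed ldap.conf using the page's BASE
# and URI, written to a temp file whose name is printed. The CA path passed
# for the hardened variant is a placeholder; use the file EIS provides.
write_conf() {
    f=$(mktemp)
    {
        echo "BASE    dc=buffalo, dc=edu"
        echo "URI     ldaps://128.205.5.3:636"
        [ -n "$2" ] && echo "TLS_CACERT  $2"
        echo "TLS_REQCERT $1"
    } > "$f"
    echo "$f"
}
```

Run check_ldap_conf against /usr/local/etc/openldap/ldap.conf itself; a report of TLS_REQCERT allow means the ldapsearch binds in the next section would also succeed against an unverified server.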

Test

  1. Test the correctness of your installation with any commands that communicate with the UB secure LDAP server:

    % ldapsearch -LLL "(sn=smith)"

  2. Test secure LDAP. Replace USERID and PASSWORD with your credentials.

    % ldapsearch -x -LLL -H ldaps://ubldap.buffalo.edu -w'PASSWORD' -D "uid=USERID,ou=People,dc=buffalo,dc=edu" -b"dc=buffalo,dc=edu" '(uid=USERID)'
