
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Setting Up the Server | 227
tells slapd to listen on the loopback address (127.0.0.1) for ldap connections to the default ldap port (TCP 389), and to listen on all local addresses for ldaps connections to the default ldaps port (TCP 636).
If you run Red Hat 7.3 or later, this is actually the default behavior: /etc/init.d/ldap checks /etc/openldap/slapd.conf for TLS configuration information, and if it finds it, sets the -h option exactly like the one in the previous paragraph’s example. If you run SUSE 8.1 or later, you can achieve the same thing by editing /etc/sysconfig/openldap such that the value for OPENLDAP_START_LDAPS is yes, and then editing /etc/init.d/openldap to set the value for SLAPD_URLS to ldap://127.0.0.1 (this variable is defined early in the script, with a default value of ldap:///).
Other Linux distributions may have different ways of passing startup options like -h to slapd, but hopefully by now you get the idea and can figure out how to make slapd’s listening ports work the way you want them to.
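The following shell script is an added example, not code from the book or from any distribution's init script. It reproduces the listener policy described above (cleartext ldap:// confined to loopback, ldaps:// on all addresses once TLS is configured) as a function that derives the -h value from a slapd.conf, plus a check that flags a -h value which would expose cleartext LDAP beyond 127.0.0.1. It assumes TLS counts as configured when both TLSCertificateFile and TLSCertificateKeyFile are set; the page does not quote the exact test the Red Hat script uses.

```shell
#!/bin/sh
# Added example (not the book's or any distribution's own code).

# Print the URL list to pass to "slapd -h", derived from a slapd.conf.
# Assumption: TLS is "configured" when both a certificate and a key directive
# are present; the init-script test itself is not quoted on the page.
slapd_listen_urls() {
    if grep -Eq '^[[:space:]]*TLSCertificateFile[[:space:]]+[^[:space:]]' "$1" &&
       grep -Eq '^[[:space:]]*TLSCertificateKeyFile[[:space:]]+[^[:space:]]' "$1"; then
        printf '%s\n' 'ldap://127.0.0.1/ ldaps:///'   # cleartext on loopback, TLS everywhere
    else
        printf '%s\n' 'ldap:///'                      # slapd's default: cleartext on all addresses
    fi
}

# Return 0 when no cleartext ldap:// URL in the list binds beyond loopback.
# An empty host ("ldap:///") means every interface, so it is rejected.
plaintext_is_loopback_only() {
    for url in $1; do
        case "$url" in
            ldap://127.0.0.1*|ldap://localhost*|"ldap://[::1]"*) ;;   # loopback: fine
            ldap://*) return 1 ;;                                    # cleartext on a reachable address
        esac
    done
    return 0
}

# Demo on a constructed slapd.conf fragment (sample values, not a real file).
demo_conf=$(mktemp)
cat >"$demo_conf" <<'EOF'
include                 /etc/openldap/schema/core.schema
TLSCertificateFile      /path/to/slapd-cert.pem
TLSCertificateKeyFile   /path/to/slapd-key.pem
suffix                  "dc=wiremonkeys,dc=org"
EOF
urls=$(slapd_listen_urls "$demo_conf")
rm -f "$demo_conf"
echo "slapd -h '$urls'"
if plaintext_is_loopback_only "$urls"; then
    echo "ok: cleartext LDAP is confined to loopback"
else
    echo "warning: cleartext LDAP would be reachable on a non-loopback address"
fi
```

Run plaintext_is_loopback_only against whatever SLAPD_URLS or -h value a distribution's init script ends up with; a default of ldap:/// fails the check, which is exactly the condition the text tells you to change.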
Testing
So, does our TLS-enabled LDAP server actually work? A quick local test will tell us. First, start LDAP:

    /etc/init.d/ldap start

Next, use the ldapsearch command to do a simple query via loopback:

    ldapsearch -x -H ldaps://localhost/ -b 'dc=wiremonkeys,dc=org' '(objectclass=*)' ...