fourmutts:

I would like to set up an SSL cert on OpenLDAP for external connections, but have OpenLDAP act as a proxy to AD via port 389.

On my firewall I will only allow privileged IPs to connect to the OpenLDAP server. This is for vendors wanting to use single sign-on, but we do not have a CAS server. Is the above scenario possible?

Jeremy Davis:

Not sure if this is the best way, but I would leave your server set up for both SSL and non-SSL connections. Then use the Linux Firewall (IPTables - preinstalled in TKL and configurable via Webmin using the 'Linux Firewall' UI) to block all connections to the non-SSL port, except from specified hosts (or range of hosts...)
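
The host-firewall layout suggested above, written out as an added example (this is not code from the thread or from TurnKey; the allow-list addresses are constructed placeholders). LDAPS on 636/tcp stays reachable from anywhere the edge firewall lets in, plaintext LDAP on 389/tcp is accepted only from the listed sources, and everything else to 389 is dropped. The script prints the iptables commands for review by default and only runs them when invoked as root with APPLY=1:

```shell
#!/bin/sh
# Added example, not from the forum thread or the TurnKey appliance.
# Restrict plaintext LDAP (389/tcp) to an allow-list of hosts while leaving
# LDAPS (636/tcp) open. Host addresses below are constructed placeholders.

LDAP_PORT=389
LDAPS_PORT=636
# Constructed allow-list: replace with the vendor / SSO hosts you actually trust.
ALLOWED_PLAINTEXT_SRC="10.0.0.5 192.168.1.0/24"

# Emit the iptables commands one per line instead of running them, so the
# ruleset can be reviewed (or diffed against the live chain) before it is applied.
ldap_rules() {
    # LDAPS: any source the edge firewall lets through may open a connection.
    echo "iptables -A INPUT -p tcp --dport $LDAPS_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Plain LDAP: only the allow-listed sources may open a connection.
    for src in $ALLOWED_PLAINTEXT_SRC; do
        echo "iptables -A INPUT -p tcp --dport $LDAP_PORT -s $src -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else to 389 is silently dropped (DROP rather than REJECT so a
    # scanner learns nothing about the port).
    echo "iptables -A INPUT -p tcp --dport $LDAP_PORT -j DROP"
}

# Number of generated rules that match a given destination port; used to sanity
# check the ruleset before applying it.
count_rules_for_port() {
    ldap_rules | grep -c -e "--dport $1 "
}

# Apply only when explicitly asked for and running as root; otherwise just print.
if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    ldap_rules | while read -r cmd; do eval "$cmd"; done
else
    ldap_rules
fi
```

Two things to check before relying on this: the rules are appended with `-A`, so an earlier blanket ACCEPT in the INPUT chain would shadow the DROP, and the script assumes the usual `--ctstate ESTABLISHED,RELATED` accept rule already exists for return traffic. Note also that STARTTLS runs over 389, so clients that upgrade a plaintext connection with STARTTLS are blocked along with unencrypted ones unless their source is on the allow-list.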

fourmutts:

Thanks. I will use the firewall (IPTables), and on my edge firewall I was only going to allow SSL connections from the outside.

Is OpenLDAP set up initially for SSL connections, or do I need to install the cert?

Jeremy Davis:

So I can't give a detailed comment. However, assuming it is consistent with other TKL appliances (which I have no reason to doubt), then SSL is enabled by default and a unique (self-signed) certificate is auto-generated on firstboot (i.e. the first time the appliance boots).
