[RADIATOR] LDAPS Certificate questions with AuthBy LDAP2
Mark Bassett
mbassett at intelius.com
Mon Jul 19 17:42:11 CDT 2010
My question is in regards to the SSLCAClientCert and SSLCAClientKey
parameters. What certificate files is it looking for? I have the CA
cert in /etc/openldap/cacerts.
Do I just need to generate a local certificate for the radiator server
to use and provide its pem and key files?
It's currently working now with SSLVerify none, but I would like to
require verification.
<AuthBy LDAP2>
Identifier CheckAD
Host blablablaa
#SSLeayTrace 4
#Debug 255
Version 3
# Microsoft AD also listens on port 3268, and
# requests received on that port are reported to be
# more compliant with standard LDAP, so you may want to use:
Port 636
UseSSL
SSLVerify none
SSLCAPath /etc/openldap/cacerts
AuthDN CN=BlaBlaBla,DC=com
# AuthPassword yourADadminpasswordhere
AuthPassword BLAHBLAH
BaseDN dc=blah,dc=com
ServerChecksPassword
UsernameAttr sAMAccountName
#PasswordAttr userPassword
#AuthAttrDef logonHours,MS-Login-Hours,check
</AuthBy>