LDAP and Transport Layer Security
OpenLDAP memberOf overlay + memberof overlay
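#!/usr/bin/env bash
# OpenLDAP (slapd) TLS enablement for abc.app, turned from a collapsed
# command list into a runnable script.
#
# What it does, in order:
#   1. reconfigure slapd and seed the directory from ldap/01_add_init.ldif
#   2. convert/copy the Let's Encrypt certificate and key into the
#      locations slapd and its SASL layer read, with the private key
#      NOT world-readable (the original notes used `chmod +r` on it)
#   3. apply the TLS settings from ldap/02_modify_ssl.ldif, enable the
#      ldaps:/// listener and restart slapd
#   4. verify the listener and open tcp/636 in ufw
#
# Requires: root on the slapd host; ldap/01_add_init.ldif and
# ldap/02_modify_ssl.ldif in the current directory; certbot material under
# /etc/letsencrypt/live/abc.app.
set -euo pipefail

readonly DOMAIN=abc.app
readonly LE_DIR="/etc/letsencrypt/live/${DOMAIN}"
readonly SASL_DIR=/etc/ldap/sasl2
readonly SLAPD_USER=openldap
readonly SLAPD_DEFAULTS=/etc/default/slapd

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Reconfigure slapd and load the initial entries.
# -W prompts for the admin password so it never appears on argv / in ps.
#######################################
init_directory() {
  dpkg-reconfigure slapd
  slapcat
  ldapadd -x -D "cn=admin,dc=abc,dc=app" -W -f ldap/01_add_init.ldif
}

#######################################
# Stage certificate, key and CA bundle for slapd and for SASL.
# Globals: LE_DIR, SASL_DIR, SLAPD_USER
#######################################
install_tls_material() {
  [[ -r "${LE_DIR}/privkey.pem" && -r "${LE_DIR}/fullchain.pem" ]] \
    || die "missing certificate material under ${LE_DIR}"
  mkdir -p -- "${SASL_DIR}"

  # SASL copy. NB: `openssl x509` reads only the FIRST certificate of
  # fullchain.pem, so the DER file carries no intermediates.
  openssl x509 -outform der -in "${LE_DIR}/fullchain.pem" -out "${SASL_DIR}/abc.crt"
  # Restrictive umask in a subshell so the key file is created 0600, not
  # world-readable under the default 022 umask.
  (umask 077 && openssl pkey -in "${LE_DIR}/privkey.pem" -out "${SASL_DIR}/abc.key")
  cp -- /etc/ssl/certs/ca-certificates.crt "${SASL_DIR}"
  chown -R "${SLAPD_USER}:${SLAPD_USER}" "${SASL_DIR}"

  # slapd copy. The certificate may be world-readable; the private key is
  # limited to root and the slapd group (0640) instead of `chmod +r`.
  install -o root -g "${SLAPD_USER}" -m 0644 "${LE_DIR}/fullchain.pem" /etc/ldap/abc_crt.pem
  install -o root -g "${SLAPD_USER}" -m 0640 "${LE_DIR}/privkey.pem" /etc/ldap/abc_key.pem
}

#######################################
# Apply the olcTLS* changes and turn on the ldaps:/// listener.
# Globals: SLAPD_DEFAULTS
#######################################
configure_slapd_tls() {
  # Root over the local socket via SASL EXTERNAL; no password involved.
  ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap/02_modify_ssl.ldif

  # The notes edited this line by hand in vim; do it in place and confirm.
  grep -q '^SLAPD_SERVICES=' "${SLAPD_DEFAULTS}" \
    || die "no SLAPD_SERVICES line in ${SLAPD_DEFAULTS}"
  sed -i 's|^SLAPD_SERVICES=.*|SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"|' "${SLAPD_DEFAULTS}"
  systemctl restart slapd
}

#######################################
# Sanity checks: config readable over ldapi, TLS handshake on 636,
# anonymous bind over ldaps. `</dev/null` keeps s_client from blocking on stdin.
# Globals: DOMAIN
#######################################
verify_tls() {
  ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
  openssl s_client -connect localhost:636 -showcerts </dev/null
  openssl s_client -connect "${DOMAIN}:8080" -showcerts </dev/null | head
  # Expected output: "anonymous" (unauthenticated bind over ldaps://).
  ldapwhoami -x -H "ldaps://${DOMAIN}"
  # To follow the server log afterwards (interactive, never returns):
  #   journalctl -efu slapd
}

#######################################
# Allow LDAPS through ufw and show the numbered rule list.
#######################################
open_firewall() {
  ufw allow 636
  ufw reload
  ufw status numbered
  # Placeholder from the notes — fill in the rule number shown above:
  #   ufw delete <RULE_NUMBER>
}

main() {
  (( EUID == 0 )) || die "run as root"
  init_directory
  install_tls_material
  configure_slapd_tls
  verify_tls
  open_firewall
}

main "$@"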