Changes

m
Line 34: Line 34:  
If you need to use Google LDAP, you may need to install STunnel to use a client LDAP certificate when connecting to Google LDAP:
 
If you need to use Google LDAP, you may need to install STunnel to use a client LDAP certificate when connecting to Google LDAP:
   −
# ''Install stunnel. For example, on Ubuntu:<code>$  sudo apt-get install stunnel4</code>''
+
* ''Install stunnel. For example, on Ubuntu:<code>$  sudo apt-get install stunnel4</code>''
   −
# ''Create a configuration file /etc/stunnel/google-ldap.conf (that will contain the location of the certificates) with the following contents (assuming ldap-client.crt is the cert, and ldap-client.key is the key)
+
* ''Create a configuration file /etc/stunnel/google-ldap.conf (that will contain the location of the certificates) with the following contents (assuming ldap-client.crt is the cert, and ldap-client.key is the key)
    
<syntaxHighlight>
 
<syntaxHighlight>
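Review bot: On the added "Create a configuration file /etc/stunnel/google-ldap.conf" item, the italic markup opened with '' is never closed on that line, although the "Install stunnel" item above it does close it. Close it before the <syntaxHighlight> block. The same step names ldap-client.key but says nothing about who may read it. A sentence asking that the key file be readable only by the account stunnel runs as would fit here.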
Line 47: Line 47:  
</syntaxHighlight>
 
</syntaxHighlight>
   −
# To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1
+
* To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1
   −
# Restart stunnel.
+
* Restart stunnel.
    
<syntaxHighlight>
 
<syntaxHighlight>
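Review bot: Converting "To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1" and "Restart stunnel." from # to * drops the step order, and these two steps are order-dependent: the restart only has the intended effect once ENABLED=1 is set. If the numbered list was dropped because the <syntaxHighlight> blocks between the items interrupt the numbering, say so in the edit summary and keep the sequence explicit in the wording (for example "Then restart stunnel."). These two items are also the only ones in the list not wrapped in '' italics.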
Line 55: Line 55:  
</syntaxHighlight>
 
</syntaxHighlight>
   −
# ''Configure your application to point to ldap://127.0.0.1:1636.You can replace “1636” with any unused port if you also change the accept line in the configuration file above. You'll need to use plaintext LDAP without StartTLS/SSL/TLS enabled between the client and stunnel, since they are communicating locally.''
+
* ''Configure your application to point to ldap://127.0.0.1:1636.You can replace “1636” with any unused port if you also change the accept line in the configuration file above. You'll need to use plaintext LDAP without StartTLS/SSL/TLS enabled between the client and stunnel, since they are communicating locally.''
    
''Note: If you choose to run stunnel on a separate server, you must configure your firewalls so that only the necessary applications can access your stunnel server. You can also configure stunnel to listen with TLS so that data between your application and stunnel servers is encrypted. The details of both of these configurations depend on your environment.''
 
''Note: If you choose to run stunnel on a separate server, you must configure your firewalls so that only the necessary applications can access your stunnel server. You can also configure stunnel to listen with TLS so that data between your application and stunnel servers is encrypted. The details of both of these configurations depend on your environment.''
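Review bot: The added "Configure your application" line still reads "ldap://127.0.0.1:1636.You", with no space after the full stop, so the port number and the next sentence run together. Insert the space while this line is being touched. Because the line tells readers to speak plaintext LDAP to stunnel and invites them to change the accept line, it should also say that the accept address stays on 127.0.0.1 so the unencrypted listener is reachable only from the local host.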