Line 28:
Line 28:
= Installation =
= Installation =
{{NoInstallModuleEn}}
{{NoInstallModuleEn}}
+
+
+
== Google LDAP ==
+
+
If you need to use Google LDAP, you may need to install STunnel to use a client LDAP certificate when connecting to Google LDAP:
+
+
# ''Install stunnel. For example, on Ubuntu:<code>$ sudo apt-get install stunnel4</code>''
+
+
# ''Create a configuration file /etc/stunnel/google-ldap.conf (that will contain the location of the certificates) with the following contents (assuming ldap-client.crt is the cert, and ldap-client.key is the key)
+
+
<syntaxHighlight>
+
[ldap]
+
client = yes
+
accept = 127.0.0.1:1636
+
connect = ldap.google.com:636
+
cert = ldap-client.crt
+
key = ldap-client.key''
+
</syntaxHighlight>
+
+
# To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1
+
+
# Restart stunnel.
+
+
<syntaxHighlight>
+
sudo /etc/init.d/stunnel4 restart
+
</syntaxHighlight>
+
+
# ''Configure your application to point to ldap://127.0.0.1:1636.You can replace “1636” with any unused port if you also change the accept line in the configuration file above. You'll need to use plaintext LDAP without StartTLS/SSL/TLS enabled between the client and stunnel, since they are communicating locally.''
+
+
''Note: If you choose to run stunnel on a separate server, you must configure your firewalls so that only the necessary applications can access your stunnel server. You can also configure stunnel to listen with TLS so that data between your application and stunnel servers is encrypted. The details of both of these configurations depend on your environment.''
= Configuration =
= Configuration =
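Review bot: The [ldap] block added for /etc/stunnel/google-ldap.conf sets <code>client = yes</code> with <code>cert</code> and <code>key</code> but has no server verification options, and stunnel does not verify the peer certificate by default, so the tunnel would accept any endpoint that answers for ldap.google.com:636 and pass LDAP bind credentials to it. Suggest adding <code>verifyChain = yes</code>, a <code>CAfile</code> pointing at the system CA bundle, and <code>checkHost = ldap.google.com</code>. In the same block, the closing <code><nowiki>''</nowiki></code> after <code>key = ldap-client.key</code> sits inside the syntaxHighlight tag and will be copied into the file as part of the key path; close the italics on the step 2 line instead. <code>cert</code> and <code>key</code> are bare file names, so the step should say where the files live (absolute paths) and that the key file is readable only by the account stunnel runs as. Since step 5 has the application speak plaintext LDAP to 127.0.0.1:1636, it is worth stating that any local process on that host can use the listener. Minor: "1636.You" needs a space, and the <code>#</code> items separated by blank lines and highlight blocks will restart numbering at 1 when rendered.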