Chapter 11: Managing SSL and SASL
3. Configure the Administration Server to connect to an SSL-enabled Directory Server.
   For information, see Managing Servers with Red Hat Console.
4. Optionally, ensure that each user of the Directory Server obtains and installs a personal certificate for all clients that will authenticate with SSL.
   For information, see “Configuring LDAP Clients to Use SSL,” on page 437.

For a complete description of SSL, Internet security, and certificates, check the appendixes included in Managing Servers with Red Hat Console.

Command-Line Functions for Start TLS
You can specify that LDAP operations such as ldapmodify, ldapsearch, and ldapdelete use SSL/TLS when communicating with an SSL-enabled server or use certificate authentication. Using the command-line options, you can also specify or enforce Start TLS, which allows a secure connection to be enabled on a cleartext port after a session has been initiated.

In the following example, a network administrator enforces Start TLS for a search for Mike Connor’s identification number:

    ldapsearch -p 389 -ZZZ -P certificateDB -N certificate_name -s base -b "uid=mconnors" "(attribute=govIdNumber)"

where -ZZZ enforces Start TLS, certificateDB gives the filename and path to the certificate database, and certificate_name is the certificate.

For information on the command-line options available, see the Red Hat Directory Server Configuration, Command, and File Reference.

Troubleshooting Start TLS
With the -ZZ option, the following errors could occur:

NOTE: The -ZZZ command enforces the use of Start TLS, and the server must respond that a Start TLS command was successful. If you use the -ZZZ command and the server does not support Start TLS, the operation is aborted immediately.
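
The enforcement described in the NOTE, shown at the protocol level as an added example (not code from the guide or from the Directory Server tools): it builds the Start TLS extended request defined in RFC 4511 and decides what to do with the server's reply. The function names and sample replies are constructed for illustration, and treating a failed -ZZ request as "continue in cleartext" is an assumption about the non-enforcing option.

```python
# Added example: Start TLS at the LDAP protocol level (RFC 4511), short-form BER only.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # Start TLS extended-operation OID

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for these messages."""
    if len(value) >= 128:
        raise ValueError("long-form BER length not supported in this example")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject truncated or long-form input."""
    if pos + 2 > len(buf) or buf[pos + 1] >= 128:
        raise ValueError("truncated or unsupported BER length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated BER element")
    return buf[pos], buf[pos + 2:end], end

def result_code(response):
    """Extract resultCode from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = read_tlv(response, 0)
    _, _, pos = read_tlv(body, 0)             # skip messageID
    op_tag, op, _ = read_tlv(body, pos)       # protocolOp
    code_tag, code, _ = read_tlv(op, 0)       # resultCode ENUMERATED
    if (tag, op_tag, code_tag, len(code)) != (0x30, 0x78, 0x0A, 1):
        raise ValueError("not a well-formed ExtendedResponse")
    return code[0]

def decide(response, enforce):
    """enforce=True models -ZZZ: anything but success (0) aborts the operation.
    enforce=False models -ZZ; continuing in cleartext is an assumption here."""
    try:
        ok = result_code(response) == 0
    except ValueError:
        ok = False                            # a malformed reply is never success
    if ok:
        return "start-tls-handshake"
    return "abort" if enforce else "continue-cleartext"

# Constructed sample replies (not captured from a real server).
OK_REPLY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78,
    tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"") + tlv(0x8A, STARTTLS_OID)))
UNSUPPORTED_REPLY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78,
    tlv(0x0A, b"\x02") + tlv(0x04, b"") + tlv(0x04, b"unsupported extended operation")))
```

Only the enforcing mode guarantees that no search data leaves the client unless the server has confirmed the upgrade.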
Red Hat Directory Server Administrator's Guide, Version 7.1, May 2005 (updated February 2009)