This blog post serves as a follow-up to Configuring a Basic LDAP Server + Client in Solaris 11. It covers creating a self-signed certificate and enabling TLS (ldaps on port 636) so that client traffic, including simple binds that send the password in the clear, is encrypted on the wire.
1) Enable ldaps:

Edit /lib/svc/method/ldap-olsapd and remove the following line:

```sh
typeset -r SLAPD="/usr/lib/slapd -u ${LDAPUSR} -g ${LDAPGRP} -f ${CONF_FILE}"
```

Add the following two lines in its place. TYPE is the list of URLs slapd listens on, so plain ldap:/// (port 389) stays available next to ldaps:/// (port 636); it is passed to slapd with -h:

```sh
typeset -r TYPE="ldap:/// ldaps:///"
typeset -r SLAPD="/usr/lib/slapd -u ${LDAPUSR} -g ${LDAPGRP} -f ${CONF_FILE} -h ${TYPE}"
```

2) Create certificates

```sh
# mkdir /etc/openldap/certs
# cd /etc/openldap/certs
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
    -keyout server.key -out server.crt
# chmod 400 server.*
# chown openldap:openldap server.*
```

This generates a 2048-bit RSA key and a self-signed certificate valid for ten years. -nodes leaves the private key unencrypted so slapd can start without a passphrase, which is why the chmod 400 and chown to the openldap user matter: only the server process should be able to read server.key. When openssl prompts for the Common Name, use the hostname clients will connect to.

3) Update slapd.conf

Add the following lines to the end of /etc/openldap/slapd.conf:

```
TLSCACertificateFile /etc/certs/ca-certificates.crt
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
```

4) Restart LDAP server

```sh
# svcadm disable ldap/server
# svcadm enable ldap/server
```

That's it! Connect to your LDAP server on port 636.
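A post-setup check for steps 2 to 4, added here as an example and not part of the original post: it confirms that server.key is readable by its owner only, that server.crt was issued for that key, and that the listener on port 636 presents a certificate a client trusting only server.crt will accept. It assumes the paths used above and the openssl command-line tool; run it as root on the LDAP server as `sh check-ldaps.sh run` (the file name is a placeholder of your choosing).

```sh
#!/bin/sh
# Post-setup checks for the ldaps configuration above (added example, not from the
# original post). Paths default to those used in steps 2 and 3; HOST is the name
# clients will use to reach the server.
CERT=${CERT:-/etc/openldap/certs/server.crt}
KEY=${KEY:-/etc/openldap/certs/server.key}
HOST=${HOST:-$(hostname)}

# The private key must be readable by its owner only (the chmod 400 from step 2).
# ls(1) is used instead of stat(1), whose options differ between Solaris and GNU.
check_key_perms() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case $mode in
        ????------) return 0 ;;
        *) echo "WARN: $1 has mode '$mode', expected owner-only access" >&2; return 1 ;;
    esac
}

# server.crt must have been issued for server.key, otherwise slapd refuses to start
# once the TLS* directives from step 3 are in place. Compare the RSA modulus of both.
check_keypair() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2") || return 1
    [ "$cert_mod" = "$key_mod" ]
}

# Handshake with the live listener on 636, trusting only the self-signed server.crt.
# A client's TLS_CACERT in ldap.conf must point at that same file for ldapsearch -H
# ldaps:// to verify the server; "Verify return code: 0" means the chain checks out.
check_ldaps() {
    out=$(openssl s_client -connect "$1:636" -CAfile "$2" </dev/null 2>&1) || return 1
    printf '%s\n' "$out" | grep -q 'Verify return code: 0'
}

if [ "${1:-}" = run ]; then
    check_key_perms "$KEY" && check_keypair "$CERT" "$KEY" && check_ldaps "$HOST" "$CERT" \
        && echo "ldaps on $HOST:636 is serving $CERT with a matching key"
fi
```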
10:23 PST - August 8, 2015