LDAP + TLS and Common Server Certificate

Hi all!
I’m a new user of openSUSE.
I’m trying to configure LDAP + TLS with yast2 but I’m having trouble with the Common Server Certificate.
I noticed that during installation of openSUSE 11.3 it didn’t create a CA, so, as soon as the system was installed, I created YaST_Default_CA following the first steps of this guide:

How to recreate SMT 11 CA and server certificate

Next, I started configuring the LDAP Server with YaST, and on the second page I clicked on “Enable TLS”, but it didn’t let me click on “Use Common Server Certificate”.

So, the question is: how do I enable “Use Common Server Certificate”?

Thanks to all!!

Hi
For it not to create the CA during install seems to be an error. During
the install did you not 1. Reconfigure/or add a CA to use, then also
during the install setup openldap?


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
up 1 day 17:25, 3 users, load average: 0.17, 0.13, 0.06
GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21

I didn’t set up any LDAP configuration during installation, so no CA was added during installation.
I reinstalled the system just today, and if I don’t set up LDAP, it doesn’t ask me to create a CA.
Isn’t it possible to create it after installation?
I’m using openSUSE 11.3.

Hi
During the install when you get to the ‘Add User’ did you select ldap
here, then also go into the software and add the YaST CA module?


Cheers Malcolm °¿° (Linux Counter #276890)

No.
As I wrote before, I didn’t set up any LDAP configuration during installation because I wanted to do it afterwards;
so, when I got to “Add User”, I only filled in the username and password fields.
It seems I can add a Server Common Certificate, but it doesn’t let me use it as the Server Common Certificate in YaST.

This will kick in the LDAP configuration, if you select the advanced
configuration you can browse to your certificates (which you could pre
make?) and load.


Cheers Malcolm °¿° (Linux Counter #276890)

Hi
But the system needs to use LDAP for the first user authentication
(aside from root) so it wants to run using LDAP for that user else it
will default to the password file and not LDAP.

I just did a test install in a VM, I selected users to use LDAP and
skipped the adding users to it. I also added via software the YaST
modules, CA Management and LDAP server along with openldap2.

Skipping adding the LDAP server gave me just the root user on the
system along with no CA. Creating a CA, then opening the YaST LDAP Server
module, then allowed me to add the certificates and enable TLS/SSL.


Cheers Malcolm °¿° (Linux Counter #276890)

Hi!
Maybe I haven’t been so clear, so I’ll try to clarify what I’ve done.

1 - Installing opensuse 11.3 x86_64
2 - User Section set as local login, NO LDAP and no SUDO for the user, so I also set a root password
3 - After installation, updating system with online updater
4 - Installed DHCP and DNS server, file server and directory server packages
5 - Created Server Common Certificate (YaST_Default_CA) with yast ca-management (as shown in How to recreate SMT 11 CA and server certificate)
6 - During LDAP Server configuration, flag on “Enable TLS”
7 - Unable to flag “Use Common Server Certificate”

I don’t want to set up LDAP during installation, and it doesn’t let me set up any certificates during installation.
Maybe it’s a bug, or the guide I followed to create the Server Common Certificate is not valid for openSUSE 11.3 … (for SLES11 it works)

Any ideas to enable the Server Common Certificate?

Me too: I can add .pem files by browsing the file system, but can you tick “Use Server Common Certificate”?

Hi
I’m not able to access my VM (not at home until Sunday). From memory I
could browse to both (maybe advanced screen) and I’m sure on the first
part there was the ability to add/browse to the certificate via URL,
which I think may be what you’re after.

I’m still not sure your reason to not configure both LDAP CA etc during
the install as that just works for me…


Cheers Malcolm °¿° (Linux Counter #276890)

Ok, I’m waiting for you :wink:

I don’t want to set up LDAP and a CA during installation because I have to clone the disk, so I need a clean installation to configure from time to time.

I have some news: in Yast2, if I open the Common Server Certificate section, it tells me “Common Server Certificate not found. You can import a certificate from disk”, so I understood that the certificate I made is not set as the default server one.
To solve the problem, I opened CA Management, exported my Server Certificate as a .p12 file and then imported it as the Common Server Certificate in the homonymous section.

Hi
What I think you need to do is create your machine with just the root
user, but use LDAP rather than the /etc/passwd file when the user tab
comes up. Root user will not use LDAP.

I would then use a separate machine to manage your CA’s and server
certificates. All you need to do is build the machine, then you can
upload your CA and server certificates to the system and setup
everything else.

As can be seen in the following screenshots, you need to enable TLS and
select the CA Management to upload your ‘pre built’ CA etc.
http://thumbnails27.imagebam.com/11071/ac2bc0110705203.jpg (ImageBam)
http://thumbnails33.imagebam.com/11071/40052a110705209.jpg (ImageBam)
http://thumbnails35.imagebam.com/11071/a1f020110705218.jpg (ImageBam)

Maybe look at using SUSE Studio (http://susestudio.com) to build the
machine to your requirements (you can test it as well on SUSE Studio)?


Cheers Malcolm °¿° (Linux Counter #276890)