Environment
eDir 8.8.7
Situation
How to configure LDAP contextless login so that the client's LDAP traffic is encrypted (SSL/TLS).
Resolution
1) Create a new Key Material Object (KMO). In ConsoleOne: Create Object | select NDSPKI:Key Material from the drop-down list | browse to the NCP server object that hosts the LDAP server | enter a name | accept the defaults | click Finish.
2) Export the Trusted Root certificate from the new KMO.
Note: the existing "SSL CertificateDNS" object did not present a Certificate tab, so a new KMO was created and the LDAP Server object was changed to use it.
4) Configure the LDAP Contextless Login client:
To verify that the login really travels over SSL/TLS, the LDAP Group object was configured to disallow cleartext passwords and DSTrace was enabled with the LDAP flag. In the trace below the TLS handshake completes before the anonymous bind and the contextless searches are processed:
14:46:10 CC1ED040 LDAP: Work info status: Total:2 Peak:1 Busy:0
14:46:10 CC1ED040 LDAP: Thread pool status: Total:4 Peak:4 Busy:3
14:46:49 CC2E60A0 LDAP: New TLS connection 0xcc68f3c0 from 10.10.10.80:1037, monitor = 0x298, index = 1
14:46:49 CEA23380 LDAP: Monitor 0x298 initiating TLS handshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoTLSHandshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Completed TLS handshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoBind on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Treating simple bind with empty DN and no password as anonymous
14:46:49 CEAA7440 LDAP: Bind name:NULL, version:3, authentication:simple
14:46:49 CEAA7440 LDAP: Sending operation result 0:"":"" to connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoSearch on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "directoryTreeName"
14:46:49 CEAA7440 LDAP: Sending search result entry "" to connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Sending operation result 0:"":"" to connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoSearch on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Search request:
base: ""
scope:2 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(&(objectClass=inetOrgPerson)(|(cn=cxless1)))"
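Reading a DSTrace excerpt by eye works for one connection; across a busy server it is easier to let a script check that every bind and search on a connection happened after "Completed TLS handshake" on that same handle. The following audit script is an added example and is not part of this TID or of eDirectory. Its regular expressions match the trace lines shown above; the TLS connection in the sample is the excerpt from this page, while the cleartext connection 0xcc68f500, its peer address and the DN cn=cxless1,ou=users,o=lab are constructed so the audit has something to flag.

```python
"""Audit an eDirectory LDAP DSTrace excerpt for operations not protected by TLS.

Added example, not part of the original TID. The regexes match the trace
lines shown on the page; the cleartext connection in the sample is constructed.
"""
import re

# Constructed sample: connection 0xcc68f3c0 is the page's own trace excerpt,
# connection 0xcc68f500 (cleartext, peer 10.10.10.81, DN under ou=users,o=lab)
# is made up for contrast.
SAMPLE_TRACE = """\
14:46:49 CC2E60A0 LDAP: New TLS connection 0xcc68f3c0 from 10.10.10.80:1037, monitor = 0x298, index = 1
14:46:49 CEA23380 LDAP: Monitor 0x298 initiating TLS handshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoTLSHandshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Completed TLS handshake on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoBind on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Treating simple bind with empty DN and no password as anonymous
14:46:49 CEAA7440 LDAP: Bind name:NULL, version:3, authentication:simple
14:46:49 CEAA7440 LDAP: Sending operation result 0:"":"" to connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: DoSearch on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "directoryTreeName"
14:46:49 CEAA7440 LDAP: DoSearch on connection 0xcc68f3c0
14:46:49 CEAA7440 LDAP: Search request:
base: ""
scope:2 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(&(objectClass=inetOrgPerson)(|(cn=cxless1)))"
14:47:02 CEAA7440 LDAP: New cleartext connection 0xcc68f500 from 10.10.10.81:1042, monitor = 0x299, index = 2
14:47:02 CEAA7440 LDAP: DoBind on connection 0xcc68f500
14:47:02 CEAA7440 LDAP: Bind name:cn=cxless1,ou=users,o=lab, version:3, authentication:simple
14:47:02 CEAA7440 LDAP: DoSearch on connection 0xcc68f500
"""

NEW_CONN = re.compile(r"LDAP: New (TLS|cleartext) connection (0x[0-9a-fA-F]+) from ([^\s,]+)")
TLS_DONE = re.compile(r"LDAP: Completed TLS handshake on connection (0x[0-9a-fA-F]+)")
OPERATION = re.compile(r"LDAP: (Do\w+) on connection (0x[0-9a-fA-F]+)")
BIND_INFO = re.compile(r"LDAP: Bind name:(.*?), version:(\d+), authentication:(\w+)")


def _new_conn(kind="unknown", peer="?"):
    return {"kind": kind, "peer": peer, "tls_done": False, "ops": [], "binds": []}


def audit_trace(lines):
    """Return (connections, findings).

    connections maps each connection handle to what the trace showed for it;
    findings is a list of (handle, message) for every bind or search that ran
    on a handle with no completed TLS handshake.
    """
    conns = {}
    findings = []
    bind_conn = None  # handle of the most recent DoBind; the Bind name line follows it

    for line in lines:
        m = NEW_CONN.search(line)
        if m:
            kind, handle, peer = m.groups()
            conns[handle] = _new_conn(kind, peer)
            continue

        m = TLS_DONE.search(line)
        if m:
            conns.setdefault(m.group(1), _new_conn("TLS"))["tls_done"] = True
            continue

        m = OPERATION.search(line)
        if m:
            op, handle = m.groups()
            conn = conns.setdefault(handle, _new_conn())
            if op == "DoTLSHandshake":
                continue  # the handshake itself naturally runs before TLS is up
            conn["ops"].append(op)
            if not conn["tls_done"]:
                findings.append((handle, f"{op} from {conn['peer']} without a completed TLS handshake"))
            if op == "DoBind":
                bind_conn = handle
            continue

        m = BIND_INFO.search(line)
        if m and bind_conn is not None:
            name, _version, auth = m.groups()
            conn = conns[bind_conn]
            conn["binds"].append((name, auth))
            # An anonymous bind (name NULL) sends no secret; a simple bind with a DN
            # sends the password, which is only acceptable once TLS is established.
            if auth == "simple" and name != "NULL" and not conn["tls_done"]:
                findings.append((bind_conn, f"simple bind as {name} would expose the password in cleartext"))
            bind_conn = None
            continue

    return conns, findings


if __name__ == "__main__":
    connections, problems = audit_trace(SAMPLE_TRACE.splitlines())
    for handle, conn in connections.items():
        print(f"{handle} {conn['kind']:<9} from {conn['peer']:<18} tls_done={conn['tls_done']} ops={conn['ops']}")
    for handle, msg in problems:
        print(f"FINDING {handle}: {msg}")
```

Run it against a saved DSTrace file (`audit_trace(open("ldap.log").readlines())`) after turning on the LDAP trace flag. The TLS connection from the page produces no findings; the constructed cleartext connection is flagged three times (bind without TLS, password-bearing bind, search without TLS), which is exactly the traffic that disallowing cleartext passwords on the LDAP Group object is meant to reject.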