I have set up the AIX LDAP client on AIX 5.3.9 and it's working fine, using the descriptions in the Redbook for implementing LDAP in a heterogeneous environment.
I added SSL encryption to the LDAP client daemon's config and created a key-db and imported a signed certificate from our CA.
When I use ldapsearch with SSL and watch the traffic with tcpdump, everything is encrypted as it is supposed to be.
When issuing lsldap, the traffic is encrypted too.
When I try to log in with an LDAP-only account, I can get on the system without problem, but the traffic is not encrypted at all. I can see everything unencrypted in the tcpdump output.
I tried a lot of different settings, but without success. Here is my current ldap.cfg:
I can't see what I am missing or have set up wrong. I checked many sites about the topic, but none of them gives more information than the Redbook already does. Thanks a lot for any hint.
That's just what it seems not to do when I do an ssh login with an LDAP-based account. But I guess I found out what's going wrong, since there is a shell script being called that does an ldapsearch to sort out different login shells based on LDAP groups etc.
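As a way to confirm what tcpdump shows during such a login, here is an added example (not code from this thread or from the AIX LDAP client) that decodes a captured LDAP simple bind and flags that the password travelled in the clear; the packet bytes and the user DN are constructed for the example.

```python
# Added example, not from the thread: decode an LDAP BindRequest captured on
# the wire so a defender can confirm whether a login really went out in clear.
# All packet bytes below are constructed by hand for this example.

def read_tlv(buf, pos):
    """Read one BER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length (> 127 bytes)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(payload):
    """Return the fields of an LDAP BindRequest, or None for any other op."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:                        # LDAPMessage is a SEQUENCE
        return None
    _, msg_id, pos = read_tlv(msg, 0)      # messageID INTEGER
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x60:                     # [APPLICATION 0] == BindRequest
        return None
    _, version, pos = read_tlv(op, 0)      # protocol version INTEGER
    _, name, pos = read_tlv(op, pos)       # bind DN, OCTET STRING
    auth_tag, cred, _ = read_tlv(op, pos)  # [0] simple or [3] sasl
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": name.decode(),
        "auth": "simple" if auth_tag == 0x80 else "sasl",
        "credential_len": len(cred),
    }

def audit_bind(payload):
    """Flag a bind whose password is readable in the capture (no SSL/TLS)."""
    bind = parse_bind_request(payload)
    if bind is not None:
        # A simple bind that can be parsed at all was sent without encryption.
        bind["password_exposed"] = bind["auth"] == "simple"
    return bind

# Constructed sample: messageID 1, LDAPv3 simple bind for one user DN.
DN = b"uid=jdoe,ou=people,dc=example,dc=com"
BIND_OP = b"\x02\x01\x03" + b"\x04" + bytes([len(DN)]) + DN + b"\x80\x06secret"
LDAP_MSG = b"\x02\x01\x01" + b"\x60" + bytes([len(BIND_OP)]) + BIND_OP
SAMPLE_PACKET = b"\x30" + bytes([len(LDAP_MSG)]) + LDAP_MSG

if __name__ == "__main__":
    print(audit_bind(SAMPLE_PACKET))
```

Run it against the TCP payload of the packets tcpdump shows on port 389 during the login; a bind that parses cleanly was not protected by SSL, which is what the helper script's plain ldapsearch would produce.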
Hi,
I just got another question on LDAP over SSL:
On Linux you can configure in ldap.cfg with "TLS_REQCERT = allow" that any CA is accepted. Is there any option to do that on AIX? I checked all possible options /etc/security/ldap/ldap.cfg and didn't find one that might be similar to that mentioned above on Linux.
The goal is to bypass the CA certificates that expire in 2 years, causing an update etc. on more than 100 servers. We want to have SSL-encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.