Home

Site Navigation
Identity & Access Projects Identity and Access Management Project Active Directory Remediation DNS Renewal Project Status Services Web Proxies Proxy Configuration Student Proxy DNS Resolving DNS Service Advertising DNS service Secondary DNS service IPAM Frequently asked questions Access Form Central Authentication Centaur DIT and Schema OpenLDAP client configuration Apache configuration PHP example Active Directory Active Directory Service Common Information FAQ Known Issues Information for IT Support Staff Information for End Users Account Registration System Known issues Decommissioned Services IPReg Frequently asked questions Access Form Past Projects IPAM Contact Details

Centaur - OpenLDAP configuration

If you are connecting to Centaur from a Unix system then you are probably using the OpenLDAP library. OpenLDAP provides LDAP functionality to a range of languages such as PHP, Perl, Ruby and applications like Apache mod_ldap.

During the process of establishing a secure SSL/TLS connection to Centaur, the OpenLDAP client will attempt to verify the authenticity of the certificate presented by the server. To configure your client to successfully connect to Centaur you will need to perform the following steps. These details are correct for Redhat EL4 but the paths may vary for other Unix variants:

Install the Centaur CACert in the directory /etc/openldap/cacerts
Set the following options in the file /etc/openldap/ldap.conf
```
TLS_REQCERT demand
TLS_CACERTDIR /etc/openldap/cacerts
```

If you experience problems with certificate verification then you can disable it with the following option in /etc/openldap/ldap.conf:

TLS_REQCERT never

top of page

Information Services Identity & Access

Site Navigation

Centaur - OpenLDAP configuration

Information Services
Identity & Access