Software Archive
Read-only legacy content
17061 Discussions

ldaps connection

Jan_N_
Beginner
‎08-05-2015 08:57 AM
383 Views

Hi all 

i would like to use mic checking users from ldap  server.

this is what works:

root@serverX-mic0 ~]# cat /etc/ldap.conf 
URI ldap://192.168.1.12
BASE ou=domain1,ou=domain2,dc=domain3,dc=org
binddn    cn=micuser,ou=users,ou=domain1,ou=domain2,dc=domain3,dc=org
bindpw    password:)
bind_policy soft

but i need to use ssl or tls. Is it possible?

Next. In ldap database there are only user's public keys not passwords. Could mic use something to authenticate this users?

thanks

Jan

0 Kudos

Link Copied

1 Reply
JJK
New Contributor III
‎08-06-2015 02:17 PM
383 Views

I've never used ldap on the Phi but to use ldaps I would try something like:

URI ldaps://192.168.1.12
ssl on
tls_cacertfile <full path to CA certificate used to sign certificate of ldaps server>

 

As for your 'next' question: I am not sure if this is possible, even on a regular Linux host.

LDAP authentication requires a username and a password, but an LDAP directory may also contain public keys - those can be used to populate the right authorized_keys files, so that users can log in using their ssh keys. I've never seen anyone do that in one go.

My advice would be to make it work on a regular host first, and then try to port that setup to the Phi.


 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.