Configure LDAP over TLS to make connection

Configure LDAP over TLS to make connection be secure.
[1]	Create SSL certificate first. See here.
[2]	Configure LDAP Server.

[root@dlp ~]#  cp /etc/pki/tls/certs/server.key \ /etc/pki/tls/certs/server.crt \ /etc/pki/tls/certs/ca-bundle.crt \ /etc/openldap/certs/  [root@dlp ~]#  chown ldap. /etc/openldap/certs/server.key \ /etc/openldap/certs/server.crt \ /etc/openldap/certs/ca-bundle.crt [root@dlp ~]#  vi mod_ssl.ldif # create new dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt - replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/certs/server.crt - replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/certs/server.key [root@dlp ~]#  ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif  SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" [root@dlp ~]#  vi /etc/sysconfig/slapd # line 9: add SLAPD_URLS="ldapi:/// ldap:///  ldaps:/// " [root@dlp ~]#  systemctl restart slapd

[3]	Configure LDAP Client for TLS connection.

[root@www ~]#  echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf  [root@www ~]#  echo "tls_reqcert allow" >> /etc/nslcd.conf  [root@www ~]#  authconfig --enableldaptls --update  getsebool: SELinux is disabled [root@www ~]#  exit  logout CentOS Linux 7 (Core) Kernel 3.10.0-123.20.1.el7.x86_64 on an x86_64 www login:  redhat  Password: Last login: Tue Aug 19 19:55:52 on ttyS0 [redhat@www ~]$  # logined normally