For Linux to run ldapsearch over SSL (LDAPS) against Active Directory, you need to import the Active Directory CA certificate so that the server's certificate is trusted.
On the Active Directory server, run the following command:
> certutil -ca.cert adca.der
Copy adca.der to the Linux server and convert it from DER into the PEM format that Linux expects:
# openssl x509 -inform DER -in adca.der -out adca.crt
Copy the file into the default ca-trust directory and update the trust store:
# cp adca.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust
You are now ready to run ldapsearch over SSL against Active Directory.
Assuming your AD server is adsvr.fosstech.biz for the fosstech.biz domain, you can run ldapsearch as follows (the * is quoted so the shell does not expand it against local file names):
# ldapsearch -x -W -H ldaps://adsvr.fosstech.biz -D "administrator@fosstech.biz" -b "dc=fosstech,dc=biz" "*"
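Before adca.crt goes into the trust anchors, it is worth confirming that the exported file really is an unexpired CA certificate and noting its fingerprint for comparison with the one shown on the CA. The following is an added example, not part of the original post; the function names check_ca_der and make_demo_cert, the exit codes and the throwaway demo certificate are assumptions made for illustration.

```shell
# check_ca_der DER_FILE PEM_OUT  (hypothetical helper, not from the original post)
# Converts the exported DER file to PEM and rejects it unless it is a
# currently valid CA certificate. Exit codes 2/3/4 are this example's own.
check_ca_der() {
    der=$1; pem=$2
    # Same conversion as in the post; fails if the file is not DER X.509.
    openssl x509 -inform DER -in "$der" -out "$pem" 2>/dev/null || {
        echo "not a DER X.509 certificate: $der" >&2; rm -f "$pem"; return 2; }
    # A trust anchor should carry basicConstraints CA:TRUE.
    if ! openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        echo "not a CA certificate: $der" >&2; rm -f "$pem"; return 3
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $der" >&2; rm -f "$pem"; return 4
    fi
    # Subject and SHA-256 fingerprint, to compare with what the CA itself shows.
    openssl x509 -in "$pem" -noout -subject -fingerprint -sha256
}

# make_demo_cert TRUE|FALSE DER_OUT  (hypothetical helper)
# Writes a constructed, throwaway self-signed certificate as sample input.
make_demo_cert() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Demo CA
[ext]
basicConstraints = critical,CA:$1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$tmp/req.cnf" \
        -keyout "$tmp/key.pem" -outform DER -out "$2" 2>/dev/null
    rc=$?; rm -rf "$tmp"; return $rc
}
```

With the real export, `check_ca_der adca.der adca.crt` replaces the plain conversion step; copy adca.crt into the anchors directory only if it returns 0 and the fingerprint matches.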
Cheers!!!