LDAP and Self Signed SSL Certificates

At times you will need to use self-signed SSL certificates for services that are generally not public facing, primarily because it's convenient and saves a few thousand dollars every year, depending on the scale of your deployment.

By default, many LDAP services in Linux will reject self-signed certificates. To tell your machine otherwise, you need to add the following line to /etc/ldap/ldap.conf in Debian or Ubuntu and /etc/ldap.conf in Centos:

TLS_REQCERT allow

You should now have hassle free OpenLDAP via SSL connectivity.

OpenLDAP logo