Specifications
Setting Up SSL for LDAP Service
Using Server Admin, you can enable Secure Sockets Layer (SSL) for encrypted
communications between an Open Directory server’s LDAP directory domain and
computers that access it.
SSL uses a digital certificate to provide a certified identity for the server. You can use a
self-signed certificate or a certificate obtained from a certificate authority.
For information about defining, obtaining, and installing certificates on your server,
see Mac OS X Server Security Configuration.
SSL communications for LDAP use port 636. If SSL is disabled for LDAP service,
communications are sent as clear text on port 389.
To set up SSL communications for LDAP service:
1 Open Server Admin and connect to the Open Directory master or an Open Directory
replica server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Open Directory.
4 Click Settings, then click LDAP.
5 Select the Enable SSL checkbox.
6 Use the Certificate pop-up menu to choose an SSL certificate that you want LDAP
service to use.
The menu lists all SSL certificates installed on the server. To use a certificate not listed,
choose Manage Certificates from the pop-up menu. For more information about
certificates, see Advanced Server Administration.
7 Click Save.
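After saving, it is worth confirming from a client that the server really answers LDAP over SSL on port 636 and presents a certificate the client trusts. The script below is an added example, not part of the Apple guide; it assumes openssl(1) is available on the client, and HOST and CA_FILE are placeholders you replace with your Open Directory server and the CA (or self-signed) certificate file the client should trust. The parse step is kept separate so it can be exercised on captured output without a live server.

```shell
#!/bin/sh
# Added example: verify LDAP-over-SSL (port 636) on an Open Directory server.
# Not from the Apple guide. HOST and CA_FILE below are placeholders.

# parse_s_client_output: reads `openssl s_client` output on stdin and prints
#   ok        - certificate chain verified against the supplied CA file
#   untrusted - a certificate was presented but verification failed
#   no-tls    - no TLS handshake result at all (port closed or not SSL)
# Exit status mirrors the result (0, 1, 2) so callers can branch on it.
parse_s_client_output() {
  out=$(cat)
  case "$out" in
    *"Verify return code: 0 (ok)"*) echo ok; return 0 ;;
    *"Verify return code:"*)        echo untrusted; return 1 ;;
    *)                              echo no-tls; return 2 ;;
  esac
}

# check_ldaps HOST CA_FILE: open a TLS connection to HOST:636 (the LDAP SSL
# port named in the guide) and classify the result with parse_s_client_output.
check_ldaps() {
  host=$1; cafile=$2
  openssl s_client -connect "$host:636" -CAfile "$cafile" </dev/null 2>/dev/null \
    | parse_s_client_output
}

# show_ldaps_cert HOST: print subject and expiry of the certificate the LDAP
# service is actually serving, so you can confirm it is the one chosen in step 6.
show_ldaps_cert() {
  openssl s_client -connect "$1:636" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -enddate
}

# Usage (placeholders): replace with your server and trusted CA certificate.
# HOST="od-master.example.com"; CA_FILE="/path/to/ca.pem"
# check_ldaps "$HOST" "$CA_FILE" && show_ldaps_cert "$HOST"
```

An `untrusted` result usually means the client has not been given the CA (or the self-signed certificate itself) to trust; a `no-tls` result means port 636 is not answering, so clients falling back to ldap:// would be talking clear text on port 389.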
For more information about exporting users and groups using Workgroup Manager
and about importing records of any type, see User Management.
Creating a Custom SSL Configuration for LDAP
SSL uses a digital certificate to provide a certified identity for the server. You can use
custom digital certificates to configure SSL for your network environment.
The following steps describe the command-line method for creating custom
certificates and provide instructions for implementing them in Server Admin.
190 Chapter 9 Maintaining Open Directory Services