Apache

The Apache Web server that is installed with OES is not configured as an LDAP client by default. The /etc/opt/novell/httpd/conf/httpd.conf file contains an LDAP section toward the end that has been commented out. This can be modified to turn on LDAP authentication and configure the settings. The file can point to either a .b64 or .der certificate for server authentication.

To enable HTTPS connectivity, the OES install creates a default certificate using OpenSSL and adds it to the JVM^* (keytool) for Tomcat to use.

iManager 2.5 and Virtual Office

Virtual Office requires that iManager is installed and configured. Both products use LDAP over SSL, meaning that all communications with the LDAP server are encrypted.

However, if server authentication is not configured, iManager retrieves a certificate from the server and then uses that certificate for encryption.

If server authentication is configured, the administrator can add the server’s exported certificate to the JVM CACerts keystore using the Java* keytool tool.

Linux User Management (LUM)

LUM looks for certificates in /var/nam. The certificates are named IP.cer or DNS.der, where IP and DNS represent the IP address and DNS name of the server, respectively.

LUM automatically retrieves a certificate if one is not supplied.

You can edit the /etc/nam.conf file to change the name of the certificate file or the location to another directory on the file system. LUM uses .der files.