System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

TLS Security Setup


Caution –

The cert7.db and key3.db files must be readable by everyone. Be sure not to include any private keys in the key3.db file.


If using TLS, the necessary security databases must be installed. In particular, the files cert7.db and key3.db are needed. The cert7.db file contains the database of trusted certificates. The key3.db file contains the client's keys. Although the LDAP naming service client does not use client keys, this file must be present.

Before running ldapclient, you should set up and install the needed security database files described in this section.

See the section 'Configuring LDAP Clients to Use SSL' in the Managing SSL chapter of the iPlanet Directory Server 5.1 Administrator's Guide for information on how to create and manage these files. Once configured, these files must be stored in the location expected by the LDAP naming service client. The certificatePath attribute determines this location; the default is /var/ldap.

For example, after setting up the necessary cert7.db and key3.db files using Netscape Communicator, copy them to the default location.

# cp $HOME/.netscape/cert7.db /var/ldap

# cp $HOME/.netscape/key3.db /var/ldap

Next, give everyone read access.

# chmod 444 /var/ldap/cert7.db

# chmod 444 /var/ldap/key3.db
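The copy-and-permission steps above, written as an added shell example that is not part of this guide. The function names are assumptions, the paths are the guide's defaults, and the sample database files the demo creates are constructed placeholders (real ones come from the browser or certificate tooling). The verify step checks the one property the naming service client depends on: that both files exist and are readable by everyone.

```shell
#!/bin/sh
# Added example (not from the guide): install the cert7.db/key3.db pair into
# the LDAP client's certificatePath directory and verify the result.

# install_ldap_secdb SRC_DIR DEST_DIR
# Copies cert7.db and key3.db from SRC_DIR to DEST_DIR and makes them
# world-readable (mode 444), mirroring the guide's cp and chmod steps.
install_ldap_secdb() {
    src="$1"; dest="$2"
    for f in cert7.db key3.db; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    for f in cert7.db key3.db; do
        cp "$src/$f" "$dest/$f" || return 1
        chmod 444 "$dest/$f" || return 1
    done
}

# verify_ldap_secdb DEST_DIR
# Returns 0 only if both databases exist in DEST_DIR and the "other" read
# bit is set, which is what the LDAP naming service client requires.
verify_ldap_secdb() {
    dest="$1"
    for f in cert7.db key3.db; do
        p="$dest/$f"
        [ -f "$p" ] || { echo "$p: not found" >&2; return 1; }
        # Column 8 of ls -l output is the world-read bit (e.g. -r--r--r--).
        bit=$(ls -l "$p" | cut -c8)
        [ "$bit" = "r" ] || { echo "$p: not readable by everyone" >&2; return 1; }
    done
}

# demo: run the procedure against constructed placeholder files in a
# temporary directory instead of $HOME/.netscape and /var/ldap.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/src" || return 1
    printf 'placeholder cert7.db' > "$tmp/src/cert7.db"   # constructed
    printf 'placeholder key3.db'  > "$tmp/src/key3.db"    # constructed
    chmod 600 "$tmp/src/key3.db"   # typical of a file copied out of $HOME
    if install_ldap_secdb "$tmp/src" "$tmp/ldap" && verify_ldap_secdb "$tmp/ldap"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

demo && echo "security databases installed and world-readable"
```

For a real installation, call install_ldap_secdb "$HOME/.netscape" /var/ldap as root and then verify_ldap_secdb /var/ldap; the verify function only checks permissions and presence, so the caution about keeping private keys out of key3.db still has to be honoured when the databases are created.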


Note –

Netscape manages the cert7.db and key3.db files in the $HOME/.netscape directory. If you use them for the LDAP naming service client, copies of these security databases must be stored on a local file system.