System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Setting Up TLS Security


Note –

The cert7.db and key3.db files must be readable by everyone. Do not include any private keys in the key3.db file.


If using TLS, the necessary security databases must be installed. In particular, the files cert7.db and key3.db are needed. The cert7.db file contains the database of trusted certificates. The key3.db file contains the client's keys. Even if the LDAP naming service client does not use client keys, this file must be present.


Note –

Before running ldapclient, you should set up and install the needed security database files described in this section.


For information on how to create and manage these files, see the section about configuring LDAP clients to use SSL in the “Managing SSL” chapter of the Administrator's Guide for the version of Sun ONE Directory Server you are using. Once configured, these files must be stored in the location expected by the LDAP naming services client. The attribute certificatePath is used to determine this location; by default it is /var/ldap.

For example, after setting up the necessary cert7.db and key3.db files using Netscape Communicator™, copy the files to the default location.


# cp $HOME/.netscape/cert7.db /var/ldap
# cp $HOME/.netscape/key3.db /var/ldap

Next, give everyone read access.


# chmod 444 /var/ldap/cert7.db
# chmod 444 /var/ldap/key3.db
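The copy-and-chmod steps above can be wrapped in a small script that also verifies the result, since ldapclient will fail in unobvious ways if either database is missing or not world-readable. The following is an added example, not part of the Sun guide; the function names install_ldap_secdb and check_ldap_secdb, and the source and destination directory parameters (defaulting to the guide's $HOME/.netscape and /var/ldap), are assumptions for illustration.

```shell
# Added example: copy cert7.db and key3.db into the certificatePath directory,
# set mode 444 as the guide requires, then verify the installation.
# Usage: install_ldap_secdb [SRC_DIR] [DEST_DIR]
# Defaults (assumed from the guide): SRC_DIR=$HOME/.netscape, DEST_DIR=/var/ldap
install_ldap_secdb() {
    src="${1:-$HOME/.netscape}"
    dest="${2:-/var/ldap}"
    mkdir -p "$dest" || return 1
    for db in cert7.db key3.db; do
        if [ ! -f "$src/$db" ]; then
            echo "install_ldap_secdb: missing $src/$db" >&2
            return 1
        fi
        cp "$src/$db" "$dest/$db" || return 1
        chmod 444 "$dest/$db" || return 1
    done
    check_ldap_secdb "$dest"
}

# Verify that both databases exist in DEST_DIR and are readable by everyone
# (mode 444, shown by ls -l as -r--r--r--). Returns 0 if both pass, 1 otherwise.
# Uses ls -l rather than stat so it works on Solaris as well as Linux/BSD.
# Usage: check_ldap_secdb [DEST_DIR]
check_ldap_secdb() {
    dest="${1:-/var/ldap}"
    rc=0
    for db in cert7.db key3.db; do
        f="$dest/$db"
        if [ ! -f "$f" ]; then
            echo "check_ldap_secdb: $f is missing" >&2
            rc=1
            continue
        fi
        perms=$(ls -l "$f" | cut -c1-10)
        if [ "$perms" != "-r--r--r--" ]; then
            echo "check_ldap_secdb: $f has permissions $perms, expected -r--r--r--" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run check_ldap_secdb on its own (for example from a configuration audit) to confirm an existing /var/ldap still meets the requirement; the permission check catches the common case where the databases were copied with a restrictive umask and are readable only by root.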

Note –

Netscape will manage the cert7.db and key3.db files in the $HOME/.netscape directory. Copies of these security databases must be stored on a local file system if you are using them for an LDAP naming services client.