Stunnel Overview and Configuration
  • 01 Apr 2024


Why do we need to use Stunnel with the LDAP plugin, and how do I configure the application?


The Pharos LDAP plugin has limitations when communicating across SSL port 636, so Pharos needs to use a third-party application to complete the SSL connection. The plugin does not need Stunnel when connecting to a non-SSL port such as 389.

Stunnel

We need to install stunnel to make the connection from the Novell server to the LDAP plugin over SSL.

  1. Download stunnel from http://www.stunnel.org/download/binaries.html

    (562589 Mar 11 13:02:35 2006 stunnel-4.15-installer.exe)

  2. Install the application

  3. We need to set up the config file. Copy and paste the details below (lines starting with ";" are comments):

    client=yes
    key=stunnel.pem
    cert=stunnel.pem
    ; The Novell administrator will provide you with this information
    CAfile=ITSS.cer

    [stunnel]
    ; The Novell administrator will provide you with this information
    ; (636 is the SSL port for Novell)
    connect=ldap-test.test.auckland.ac.nz:636
    accept=localhost:389

  4. Copy the *.cer to the stunnel directory (c:\program files\stunnel)

  5. Change the registry of the LDAP plugin

    1. Go to [HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\LDAP Plugin]

    2. Change the hostname key to localhost

    Example of the correct registry settings for the LDAP plugin:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\LDAP Plugin]
    "use anonymous bind"=dword:00000000
    "use SSL"=dword:00000000
    "base1"="ou=test,dc=test,dc=test,dc=test,dc=nz"
    "active directory"=dword:00000000
    "hostname"="localhost"
    "root dn"="cn=esg-monitoring,ou=webapps,ou=ec,o=uoa"
    "root password"="test"
    "search scope1"=dword:00000002
    "allow blank passwords"=dword:00000000

  6. Go to C:\program files\pharos\bin

    Type the command below to test:

    LDAPLogin.exe [filename] [level] [username] [password]

    You will be returned an OK.

Install stunnel as a service (this option is available from stunnel)
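
With "use SSL" set to 0 and "hostname" set to localhost, the plugin sends its bind DN and password in cleartext to the stunnel accept port, and stunnel only checks the LDAP server's certificate against CAfile when a verify option is set (`verify` in stunnel 4.x; `verifyChain` or `verifyPeer` in later 5.x releases). The script below is an added example, not code from Pharos or the stunnel project: it audits a stunnel.conf for those two conditions, and the function names and sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the configuration from this page with the notes removed.
SAMPLE_CONF = """\
client=yes
key=stunnel.pem
cert=stunnel.pem
CAfile=ITSS.cer
[stunnel]
connect=ldap-test.test.auckland.ac.nz:636
accept=localhost:389
"""

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip().lower()] = value.strip()
    return glob, services

def is_loopback(accept):
    """True only when the accept address is bound to the local machine."""
    host = accept.rpartition(":")[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # no host given (all interfaces) or a non-loopback name

def audit(text):
    """Return one finding per risky setting, per service section."""
    glob, services = parse_conf(text)
    findings = []
    for name, svc in services.items():
        opts = {**glob, **svc}  # service options override global ones
        if opts.get("client", "no").lower() != "yes":
            findings.append(f"[{name}] client=yes is missing")
        if not is_loopback(opts.get("accept", "")):
            findings.append(f"[{name}] accept is not loopback: cleartext LDAP is reachable from the network")
        if opts.get("verify", "0") == "0" and "yes" not in (opts.get("verifychain"), opts.get("verifypeer")):
            findings.append(f"[{name}] LDAP server certificate is not verified")
    return findings
```

Run against the configuration in step 3, `audit` reports only the missing verify option; the loopback and client checks pass.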

