Stunnel Overview and Configuration


Why do we need to use Stunnel with the LDAP plugin, and how do I configure the application?

The Pharos LDAP plugin has limitations when communicating over the SSL port 636, so Pharos needs a third-party application to complete the SSL connection. The plugin does not need Stunnel when connecting to a non-SSL port such as 389.

Stunnel

We need to install stunnel to make the connection from the Novell server to the LDAP plugin over SSL.

  1. Download stunnel from http://www.stunnel.org/download/binaries.html

    (562589 Mar 11 13:02:35 2006 stunnel-4.15-installer.exe)

  2. Install the application

  3. We need to set up the config file; copy and paste the details below

    client=yes

    key=stunnel.pem

    cert=stunnel.pem

    CAfile=ITSS.cer (The Novell administrator will provide you with this file)

    [stunnel]

    connect=ldap-test.test.auckland.ac.nz:636 (The Novell administrator will provide you with this information; 636 is the SSL port for Novell)

    accept=localhost:389

  4. Copy the *.cer to the stunnel directory (c:\program files\stunnel)

  5. Change the registry of the LDAP plugin

    1. Go to [HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\LDAP Plugin]

    2. Change the hostname key to localhost

    Example of the correct registry settings for the LDAP plugin ("hostname" points at the local stunnel listener, and "use SSL" stays 0 because stunnel handles the SSL connection)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\LDAP Plugin]
    "use anonymous bind"=dword:00000000
    "use SSL"=dword:00000000
    "base1"="ou=test,dc=test,dc=test,dc=test,dc=nz"
    "active directory"=dword:00000000
    "hostname"="localhost"
    "root dn"="cn=esg-monitoring,ou=webapps,ou=ec,o=uoa"
    "root password"="test"
    "search scope1"=dword:00000002
    "allow blank passwords"=dword:00000000

  6. Go to C:\program files\pharos\bin

Type the command below to test:

LDAPLogin.exe [filename] [level] [username] [password]

You will be returned an OK.

Install stunnel as a service (this option is available from stunnel).
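The config in step 3 sets a CAfile but no verify level, and stunnel 4.x defaults to no peer verification, so as written the tunnel will connect to any server presenting a certificate. The script below is an added example (not part of this page, and not stunnel's own code): it parses the INI-style stunnel.conf layout (global options before the first section, then one section per service) and flags settings that leave the relay without server-certificate verification or that expose the plaintext accept side beyond loopback. Both sample configs are constructed for the script; the first mirrors the page's config without its inline notes, the second adds verify=2 (stunnel 4.x: 0 = no verification, 2 = verify the peer certificate against CAfile). The section name "ldaps" and the 127.0.0.1 bind in the hardened sample are this example's choices, not the page's.

```python
"""Lint a stunnel client config for the LDAPS relay described on this page.

Added example, not part of the original page or of stunnel itself.
"""
from typing import Dict, List, Tuple

# Constructed sample: the page's config as pasted, minus the parenthetical
# notes (which are not valid stunnel syntax). No verify level is set.
PAGE_CONFIG = """\
client=yes
key=stunnel.pem
cert=stunnel.pem
CAfile=ITSS.cer
[stunnel]
connect=ldap-test.test.auckland.ac.nz:636
accept=localhost:389
"""

# Constructed sample: the same relay with peer verification switched on.
HARDENED_CONFIG = """\
client=yes
key=stunnel.pem
cert=stunnel.pem
CAfile=ITSS.cer
verify=2
[ldaps]
connect=ldap-test.test.auckland.ac.nz:636
accept=127.0.0.1:389
"""

LOOPBACK = ("localhost", "127.0.0.1", "::1")


def parse_stunnel_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Split a stunnel.conf into (global_options, {section_name: options}).

    Option names are lower-cased (stunnel treats them case-insensitively);
    values keep their case because paths and host names matter.
    Lines starting with ';' or '#' are comments.
    """
    global_opts: Dict[str, str] = {}
    sections: Dict[str, Dict[str, str]] = {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            sections[name] = {}
            current = sections[name]
            continue
        if "=" not in line:
            raise ValueError(f"malformed stunnel.conf line: {raw!r}")
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return global_opts, sections


def lint_client_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    global_opts, sections = parse_stunnel_conf(text)

    if global_opts.get("client", "no").lower() != "yes":
        findings.append("client mode not enabled; this relay must run with client=yes")

    # stunnel 4.x defaults to verify level 0. Levels 0 and 1 do not require
    # a verified peer certificate, so CAfile alone does not pin the server.
    try:
        level = int(global_opts.get("verify", "0"))
    except ValueError:
        level = 0
    if level < 2:
        findings.append("verify level below 2: server certificate is not checked against CAfile")
    elif "cafile" not in global_opts:
        findings.append("verify set but no CAfile: stunnel has nothing to verify against")

    for name, opts in sections.items():
        accept = opts.get("accept", "")
        # "accept=389" (no host) binds every interface in stunnel, so treat
        # a missing host the same as a non-loopback one.
        host = accept.rsplit(":", 1)[0] if ":" in accept else ""
        if host.lower() not in LOOPBACK:
            findings.append(f"[{name}] accept={accept!r} listens beyond loopback; "
                            "the plaintext side of the tunnel is exposed")
        if not opts.get("connect", "").endswith(":636"):
            findings.append(f"[{name}] connect does not target port 636 (LDAPS)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("page config", PAGE_CONFIG), ("hardened config", HARDENED_CONFIG)):
        print(f"{label}: {lint_client_config(cfg) or 'no findings'}")
```

Run against the page's config the linter reports only the missing verify level; the hardened sample passes clean. The loopback check matters because the plugin talks plaintext LDAP to the accept side, so that listener should never be reachable from other hosts.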