gferg 2003-09-03 17:09:40 +00:00
parent 627b146b53
commit 76a0838f14
1 changed file with 38 additions and 43 deletions

@ -13,9 +13,9 @@
<surname>Ali</surname>
<affiliation>
<address>
<email>saqib@seagate.com</email>
<ulink url="http://www.xml-dev.com">Offshore XML/XHTML Development</ulink>
<email>saqib@seagate.com</email>
</address>
<orgname><ulink url="http://www.xml-dev.com">Offshore XML/XHTML Development</ulink></orgname>
</affiliation>
</author>
@ -116,13 +116,13 @@
The tools needed to achieve this objective are:</para>
<orderedlist numeration="lowerroman">
<listitem>C Compiler e.g. GCC</listitem>
<listitem>Apache 2 Web Server</listitem>
<listitem>LDAP Module for Apache</listitem>
<listitem>iPlanet LDAP lib files</listitem>
<listitem>SSL engine</listitem>
<listitem>PHP</listitem>
<listitem>mySQL DB Engine</listitem>
<listitem><para>C Compiler e.g. GCC</para></listitem>
<listitem><para>Apache 2 Web Server</para></listitem>
<listitem><para>LDAP Module for Apache</para></listitem>
<listitem><para>iPlanet LDAP lib files</para></listitem>
<listitem><para>SSL engine</para></listitem>
<listitem><para>PHP</para></listitem>
<listitem><para>mySQL DB Engine</para></listitem>
</orderedlist>
<note><title>Note:</title><para>All of these packages are free and are available for download on the net.</para></note>
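Review bot: while these list items are being rewrapped in `<para>` (which the DocBook DTD requires inside `<listitem>`), also normalize `mySQL DB Engine` to `MySQL` and name `SSL engine` as OpenSSL, since that is the package the later `make install` step actually builds into `/usr/local/ssl`; a reader scanning the tool list should be able to match each entry to the section that installs it.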
@ -132,8 +132,8 @@ The tools needed to achieve this objective are:</para>
<sect2><title>Assumptions</title>
<para> This document assumes that you have the following already installed on your system.</para>
<orderedlist numeration="lowerroman">
<listitem>gzip or gunzip - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></listitem>
<listitem>gcc and GNU make - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></listitem>
<listitem><para>gzip or gunzip - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
<listitem><para>gcc and GNU make - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
</orderedlist>
</sect2>
</sect1>
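Review bot: `gzip or gunzip` lists one tool twice, because gunzip is a mode of the gzip binary from the same package; write it as `gzip (provides gunzip)`. The assumptions list is also missing `tar`, which the SDK step below needs to unpack `ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar.gz`, and both items point at the same generic http://www.gnu.org page rather than the individual package pages.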
@ -177,7 +177,7 @@ Download the iPlanet LDAP SDK from <ulink url="http://wwws.sun.com/software/down
<sect3><title>iPlanet LDAP SDK</title>
<para>Become root by using the su command:</para>
<screen><command>$ su -</command></screen>
<para>Create the <filename type="directory">/usr/local/iplanet-ldap-sdk.5</filename> directory. Copy the <filename>ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar.gz</filename> form <filename type="directory">/tmp/downloads</filename> to <filename type="directory">/usr/local/iplanet-ldap-sdk.5</filename> directory.</para>
<para>Create the <filename class="directory">/usr/local/iplanet-ldap-sdk.5</filename> directory. Copy the <filename>ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar.gz</filename> form <filename class="directory">/tmp/downloads</filename> to <filename class="directory">/usr/local/iplanet-ldap-sdk.5</filename> directory.</para>
<screen>
<command># mkdir /usr/local/iplanet-ldap-sdk.5</command>
<command># cp /tmp/downloads/ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar /usr/local/iplanet-ldap-sdk.5</command>
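Review bot: the paragraph and the command disagree on the archive name: the text says to copy `ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar.gz`, but `cp /tmp/downloads/ldapcsdk5.08-Linux2.2_x86_glibc_PTH_OPT.OBJ.tar ...` drops the `.gz`, so a reader following the steps literally gets a "No such file" error from cp; pick one and match the later extraction command to it. Both the old and the new line also carry `form /tmp/downloads` where `from` is meant, so this revision, which only changed `type=` to `class=`, carries the typo forward.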
@ -200,7 +200,7 @@ Download the iPlanet LDAP SDK from <ulink url="http://wwws.sun.com/software/down
<command># make test</command>
<command># make install</command>
</screen>
<para>Upon successful completion of the <command>make install</command> the openssl binaries should reside in <filename type="directory">/usr/local/ssl</filename></para>
<para>Upon successful completion of the <command>make install</command> the openssl binaries should reside in <filename class="directory">/usr/local/ssl</filename></para>
</sect3>
</sect2>
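Review bot: the rewritten sentence still lacks its terminating period, and `openssl binaries` should read `OpenSSL binaries` to match the product name used elsewhere in the file; since only the `<filename>` attribute changed here, fix the wording in the same pass.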
@ -235,7 +235,7 @@ mysql 3256 3237 0 May29 ? 00:06:58 /usr/local/mysql/bin/mysqld --de
</screen>
</sect3>
<sect3><title>Locating Data Directory</title>
<para>mySQL deamon stores all the information in a direcory called "Data Directory". If you followed the installation instructions above, your Data Directory should be located under <filename type="directory">/use/local/mysql/data</filename>.</para>
<para>mySQL deamon stores all the information in a direcory called "Data Directory". If you followed the installation instructions above, your Data Directory should be located under <filename class="directory">/use/local/mysql/data</filename>.</para>
<para>To locate where your Data Directory is located, use the <command>mysqladmin</command> utility as follows:</para>
<screen>
<command># /usr/local/mysql/bin/mysqladmin variables -u root --password={your_password} | grep datadir</command>
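Review bot: `mysqladmin variables -u root --password={your_password}` puts the MySQL root password on the command line, where every local user can read it from `ps` and where it is written to root's shell history; use `-p` with no value so mysqladmin prompts for the password instead. The new line also keeps three typos from the old one: `deamon` for `daemon`, `direcory` for `directory`, and the data directory path `/use/local/mysql/data`, which should be `/usr/local/mysql/data` to agree with the `/usr/local/mysql/bin/mysqladmin` path used two lines later.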
@ -728,7 +728,7 @@ An optional company name []:
<note><title>"PRNG not seeded"</title><para>If you do not have <filename>/dev/random</filename> on your system you will get a <emphasis>"PRNG not seeded"</emphasis> error message. In that case you can use the following command:</para>
<screen><command># /usr/local/ssl/bin/openssl req -rand <emphasis>some_file.ext</emphasis> -new -nodes -keyout private.key -out public.csr </command>
<screen><command># /usr/local/ssl/bin/openssl req -rand <filename>some_file.ext</filename> -new -nodes -keyout private.key -out public.csr </command>
</screen>
<para>Replace some_file.ext with the name of a existing file on your file system. Any file can be specified. Openssl will use that file to generate the seed</para>
</note>
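Review bot: the sentence "Any file can be specified" is dangerous advice for this command: `-rand some_file.ext` seeds OpenSSL's PRNG from that file's contents, so on a host without `/dev/random` a predictable file (a system config file, a binary from the distribution) gives an attacker-guessable seed for the private key being generated with `-keyout private.key`. The note should say the file must contain unpredictable data the reader gathered themselves (for example the output of an entropy-gathering daemon) and must never be a static system file; it should also read `an existing file` rather than `a existing file`.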
@ -753,24 +753,25 @@ Note: Your Common Name (CN) is the Fully Qualified DNS (FQDN) name of your webse
<para>Once the Certification Authority processes your request, they will send an encoded certificate (Digital Certificate) back to you. The Digital Certificate is in the format defined by X.509 v3. The following shows the structure of a typical X509 v3 Digital Certificate</para>
<itemizedlist mark='opencircle'>
<listitem>Certificate
<itemizedlist mark='opencircle'><listitem>Version</listitem><listitem>Serial Number</listitem><listitem>Algorithm ID</listitem><listitem>Issuer</listitem>></itemizedlist>
<listitem><para>Certificate
<itemizedlist mark='opencircle'><listitem><para>Version</para></listitem><listitem><para>Serial Number</para></listitem><listitem><para>Algorithm ID</para></listitem><listitem><para>Issuer</para></listitem></itemizedlist>
<itemizedlist mark='opencircle'>
<listitem>Validity</listitem>
<listitem><itemizedlist mark='opencircle'><listitem>Not Before</listitem><listitem>Not After</listitem></itemizedlist></listitem>
<listitem><para>Validity</para></listitem>
<listitem><para><itemizedlist mark='opencircle'><listitem><para>Not Before</para></listitem><listitem><para>Not After</para></listitem></itemizedlist></para></listitem>
</itemizedlist>
<itemizedlist mark='opencircle'><listitem>Subject</listitem></itemizedlist>
<itemizedlist mark='opencircle'><listitem><para>Subject</para></listitem></itemizedlist>
<itemizedlist mark='opencircle'>
<listitem>Subject Public Key Info</listitem>
<listitem><itemizedlist mark='opencircle'><listitem>Public Key Algorithm</listitem><listitem>RSA Public Key</listitem></itemizedlist></listitem>
<listitem><para>Subject Public Key Info</para></listitem>
<listitem><para><itemizedlist mark='opencircle'><listitem><para>Public Key Algorithm</para></listitem><listitem><para>RSA Public Key</para></listitem></itemizedlist></para></listitem>
</itemizedlist>
<itemizedlist mark='opencircle'><listitem>Extensions</listitem></itemizedlist>
</listitem>
<listitem>Certificate Signature Algorithm</listitem>
<listitem>Certificate Signature</listitem>
<itemizedlist mark='opencircle'><listitem><para>Extensions</para></listitem></itemizedlist>
</para></listitem>
<listitem><para>Certificate Signature Algorithm</para></listitem>
<listitem><para>Certificate Signature</para></listitem>
</itemizedlist>
<sect3><title>Verifying a Digital Certificate</title>
<sect3><title>Verifying a Digital Certificate</title>
<para>To verify a X.509 Certificate use the following command</para>
<screen><command># openssl verify <filename>server.crt</filename></command>
server.crt: OK </screen>
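Review bot: `openssl verify server.crt` prints `OK` only when the certificate chains to a CA already in OpenSSL's default trust store; for a certificate issued by a CA that is not in that store, the same command reports an error instead, so the example should pass the CA's chain bundle with `-CAfile` and show what a failure looks like, otherwise readers will conclude their certificate is broken. In the structure list above, the nested `<itemizedlist>` for Not Before / Not After is emitted as a sibling of `<listitem><para>Validity</para></listitem>` rather than inside it (the same applies to the Public Key Algorithm / RSA Public Key list under Subject Public Key Info), so those items render one level too high; dropping the stray `>` after the Issuer list is correct.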
@ -803,13 +804,12 @@ Certificate:
</screen>
</sect3>
<para> You will need to place this certificate on the server, and tell Apache where to find it.</para>
<para>For this example, the Private Key is placed in the <filename type="directory">/usr/local/apache2/conf/ssl.key/</filename> directory, and the Sever Certificate is placed in the <filename type="directory">/usr/local/apache2/conf/ssl.crt/</filename>.</para>
<para>Copy the file received from the Certification to a file called <filename>server.crt</filename> in the <filename type="directory">/usr/local/apache2/conf/ssl.crt/</filename>.</para>
<para>And place the private.key generated in the previous step in the <filename type="directory">/usr/local/apache2/conf/ssl.key/</filename></para>
<para>Then modify the <filename type="directory">/usr/local/apache2/conf/ssl.conf</filename> to point to the correct Private Key and Server Certificate files:</para>
<para>For this example, the Private Key is placed in the <filename class="directory">/usr/local/apache2/conf/ssl.key/</filename> directory, and the Sever Certificate is placed in the <filename class="directory">/usr/local/apache2/conf/ssl.crt/</filename>.</para>
<para>Copy the file received from the Certification to a file called <filename>server.crt</filename> in the <filename class="directory">/usr/local/apache2/conf/ssl.crt/</filename>.</para>
<para>And place the private.key generated in the previous step in the <filename class="directory">/usr/local/apache2/conf/ssl.key/</filename></para>
<para>Then modify the <filename class="directory">/usr/local/apache2/conf/ssl.conf</filename> to point to the correct Private Key and Server Certificate files:</para>
<screen>
# Server Certificate:
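Review bot: this step needs a permissions line: `private.key` was generated with `-nodes`, so it is an unencrypted key, and placing it under `/usr/local/apache2/conf/ssl.key/` without a `chmod 700` on that directory and `chmod 600` on the key (both owned by root) leaves it readable by any local user; the paragraph near line 892 about making the key readable only by root already implies this, so add the commands here where the file is copied. Also fix `Sever Certificate` to `Server Certificate` and `received from the Certification` to `received from the Certification Authority`, and `ssl.conf` is a file, not a directory, so `<filename class="directory">` is the wrong markup for it.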
@ -830,6 +830,7 @@ Certificate:
<emphasis role="strong">SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/private.key</emphasis>
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key
</screen>
</sect3>
</sect2>
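Review bot: the added `</sect3>` only balances if a `<sect3>` opens in the elided lines between this hunk and the previous one; the previous hunk already closed a sect3 right before "You will need to place this certificate on the server", and the paragraphs that follow sit directly in the sect2, so please confirm the matching opening tag exists (an `xmllint --valid` run over the whole file would settle it) rather than closing an element that was never opened.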
@ -892,11 +893,10 @@ One way to secure the decrypted Private Key is to make readable only by the root
</listitem>
</orderedlist>
</sect2>
</sect1>
<sect2><title>Glossary of PKI Terms</title>
<glossary><title>Glossary of PKI Terms</title>
<glossary id="glossary"><title>Glossary of PKI Terms</title>
<glossdiv><title>A</title>
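Review bot: dropping the `</sect1>` before `<glossary id="glossary">` leaves the glossary nested inside the last sect1, which DocBook does not permit: glossary is a component-level element that belongs directly under `<article>`, alongside the sect1 elements. Keep the `</sect1>` here, before the glossary opens, and remove the one that follows `</glossary>` at the end of the file instead; promoting the `<sect2><title>Glossary of PKI Terms</title>` wrapper to a real `<glossary>` with an id is otherwise the right change.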
@ -972,7 +972,7 @@ One way to secure the decrypted Private Key is to make readable only by the root
<para>Public Key is the Key in Asymmetric Cryptography that is widely distributed. Can be used for encryption or decryption</para>
</glossdef>
</glossentry>
<glossentry id="end_entity"><glossterm>Public Key Infrastructure (PKI)</glossterm>
<glossentry id="pki"><glossterm>Public Key Infrastructure (PKI)</glossterm>
<acronym>PKI</acronym>
<glossdef>
<para>Public Key Infrastructure</para>
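Review bot: the glossdef `<para>Public Key Infrastructure</para>` merely repeats the term; since the id is being fixed anyway (the duplicated `end_entity` becoming `pki` resolves the ID clash), give the entry a definition: the certification authorities, certificates, policies and revocation mechanisms used to issue and distribute public keys. In the preceding Public Key entry, `Can be used for encryption or decryption` is a sentence fragment and misleading: in normal use the public key encrypts or verifies signatures, and the private key decrypts or signs.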
@ -982,7 +982,7 @@ One way to secure the decrypted Private Key is to make readable only by the root
<glossdiv><title>S</title>
<glossentry id="end_entity"><glossterm>Secure Socket Layer (SSL)</glossterm>
<glossentry id="sslayer"><glossterm>Secure Socket Layer (SSL)</glossterm>
<acronym>SSL</acronym>
<glossdef>
<para>Secure Socket Layer (SSL) is a security protocol that provides authentication (Digital Certificate), confidentiality (encryption), and data integrity (Message Digest - MD5, SHA etc).</para>
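Review bot: the definition attributes data integrity to `Message Digest - MD5, SHA etc`, but a bare digest gives no integrity against an active attacker, who can recompute it after altering the record; SSL record integrity comes from a keyed MAC (SSLv3's own MAC construction or TLS's HMAC, built on MD5 or SHA-1), so say "keyed message authentication code" here. The protocol's name is also `Secure Sockets Layer`; changing the duplicated id `end_entity` to `sslayer` is fine.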
@ -999,10 +999,5 @@ One way to secure the decrypted Private Key is to make readable only by the root
</glossary>
</sect2>
</sect1>
</article>