From owner-FreeBSD-users-jp@jp.FreeBSD.org Mon Apr  5 16:34:41 2004
Message-Id: <20040405.163434.104115477.tyuu@tsubasa.co.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
From: Hiroshi Morita <tyuu@tsubasa.co.jp>
In-Reply-To: <20040405.143628.102583299.hiraga@noc.sony.co.jp>
References: <20040405.125607.08315395.hiraga@noc.sony.co.jp>
	<20040405.133959.130159795.tyuu@tsubasa.co.jp>
	<20040405.143628.102583299.hiraga@noc.sony.co.jp>
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Mon, 05 Apr 2004 16:34:34 +0900
X-Sequence: FreeBSD-users-jp 78789
Subject: [FreeBSD-users-jp 78789] Re: About net/openldap22-server/Makefile
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: tyuu@tsubasa.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040307

tyuu@$BMc%7%9%F%`$G$9!#(B

> > % ldapsearch -H ldaps://10.10.40.208/
> 
> Please try making the host name the same as the common name of the server
> certificate instead of the IP address. Note that here, using the IP address results in an error.

common name $B$r(B 10.10.40.208 $B$K$7$F$^$9!#(B
FQDN $B$G$J$$$H(B Error $B$,=P$k2DG=@-$O$"$j$^$9$M!#(B

$B$H;W$$(B bsd.tsubasa.co.jp $B$H$$$&(B common name $B$G:FEYD)@o$7$F$_$^$7$?!#(B
$B7kO@$H$7$F$O!"$d$O$j(B NG $B$H$$$&>u67$G$7$?!#(B

$B%m!<%+%k$+$i$N@\B3$H(B Windows2000 $B$+$i$N@\B3$O@.8y$9$k$N$G$9$,!"(B
XP $B$O!"BLL\$J$^$^$G$7$?!#(B


For now, a brief report of the steps.
If I manage to solve this in the future, I would like to post it to the FreeBSD ML as well.

Sorry for the noise.

--------------------------------------------------
# cd /usr/local/etc/openldap
# mkdir cert
# cd cert
# /usr/local/bin/openssl req -new -nodes -keyout key.pem -out newreq.pem
...
JP $B$H$+;XDj$7$F(B
Common Name []: bsd.tsubasa.co.jp
...

# ls
key.pem   newreq.pem


# cd /usr/local/openssl/
# /usr/local/bin/openssl ca -policy policy_match -out newcert.pem \
  -infiles /usr/local/etc/openldap/cert/newreq.pem
Enter PEM pass phrase:
...
Signature ok
...
Sign the certificate? [y/n]: y
 1 out of 1 certificate requests certified, commit? [y/n]y
--------------------------------------------------


The key has been created, so
I added the settings to slapd.conf.
--------------------------------------------------
TLSCipherSuite        HIGH:MEDIUM:+SSLv2
TLSCertificateFile    /usr/local/etc/openldap/cert/newcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/cert/key.pem
--------------------------------------------------



============================================================
% ldapsearch -x -h bsd.tsubasa.co.jp -ZZ -b 'dc=tsubasa,dc=co,dc=jp' 'uid=*' 
# extended LDIF
#
# LDAPv3
# base <dc=tsubasa,dc=co,dc=jp> with scope sub
# filter: uid=*
# requesting: ALL
#

# search result
search: 3
result: 0 Success

# numResponses: 1


============================================================
And then, checking that it works.
% ldapsearch -x -H ldaps://bsd.tsubasa.co.jp/ -b 'dc=tsubasa,dc=co,dc=jp' -s sub '(cn=H*)' -ZZ
# extended LDIF
#
# LDAPv3
# base <dc=tsubasa,dc=co,dc=jp> with scope sub
# filter: (cn=H*)
# requesting: -ZZ 
#

# Hiroshi Morita, info, tsubasa.co.jp
dn: cn=Hiroshi Morita,ou=info,dc=tsubasa,dc=co,dc=jp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




by tyuu.
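
The advice quoted in the mail above (connect with the name in the server certificate's common name, not the IP address) can be checked offline with OpenSSL's own name check. This is an added example, not part of the original mail: it builds throwaway self-signed certificates from the thread's host name and address, and the function names make_cert, name_matches and demo are made up for illustration. It shows how `openssl x509 -checkhost` / `-checkip` decide, which is not necessarily how the OpenLDAP or Windows XP client checks names.

```shell
#!/bin/sh
# Added example. Certificates are self-signed throwaways built from the
# host name and address that appear in the thread.

# make_cert OUT CN [SAN] : write a certificate (key in OUT.key) with the
# given common name and, optionally, a subjectAltName value.
make_cert() {
    out=$1; cn=$2; san=${3:-}
    cfg=$(mktemp)
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ -n "$san" ]; then printf 'x509_extensions = ext\n'; fi
        printf '[dn]\nCN = %s\n' "$cn"
        if [ -n "$san" ]; then printf '[ext]\nsubjectAltName = %s\n' "$san"; fi
    } > "$cfg"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$cfg" -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$cfg"
}

# name_matches CERT host|ip NAME : exit status 0 when OpenSSL reports that
# NAME matches the certificate. A host name is compared with DNS
# subjectAltName entries, or with the CN when there are none. An IP address
# is compared with IP subjectAltName entries only, never with the CN.
name_matches() {
    openssl x509 -noout -in "$1" "-check$2" "$3" |
        grep -q 'does match certificate'
}

# demo : check the three certificates against the name and the address.
demo() {
    d=$(mktemp -d)
    make_cert "$d/cn-name.pem" bsd.tsubasa.co.jp
    make_cert "$d/cn-ip.pem"   10.10.40.208
    make_cert "$d/san.pem"     bsd.tsubasa.co.jp \
        'DNS:bsd.tsubasa.co.jp,IP:10.10.40.208'
    for c in cn-name cn-ip san; do
        for t in 'host bsd.tsubasa.co.jp' 'ip 10.10.40.208'; do
            set -- $t
            if name_matches "$d/$c.pem" "$1" "$2"; then r=match; else r=MISMATCH; fi
            printf '%-8s %-4s %-18s %s\n' "$c" "$1" "$2" "$r"
        done
    done
    rm -rf "$d"
}

demo
```
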
