- Make sure Net::LDAP is up to date (minimum version 0.64)
- cpan Net::LDAP
- Make sure IO::Socket::SSL is new enough (must be 1.998 or newer)
- cpan -f IO::Socket::SSL (-f is needed because some tests don't pass on some VMs)
Copy the CA cert onto the server. In this example it goes into /tmp/YOUR_CACERT.pem. Only PEM files have been tested; others may work.
Add the CA cert into the DB (the command line requires a nickname as well as the path to the cert copied onto the server)
Verify the cert is in the DB
Verify LDAP connectivity using ldapsearch. You will have to set -H, -b and -D; they can come from your current NMIS ms-ldap config if you have one: -b is auth_ms_ldap_base, -D is auth_ms_ldap_dn_acc:
Change the NMIS Auth code to use the certificate directory. Note that it uses LDAP instead of LDAPS and adds a new line with a new config item.
Modify the configuration to use ms-ldaps and set the new auth_openldap_certs path
- Test the login, and check /var/log/httpd/error_log and /usr/local/nmis8/logs/auth.log for issues.
Users.nmis will need to have an entry for each user who can authenticate, or the default settings for a user will need to be set.
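
A preflight for the prerequisites at the top of this procedure (the two Perl module minimums and the PEM-format CA file), as an added example that is not part of NMIS or the original page. The function names and the script name preflight.sh are hypothetical; the version numbers and the file path come from the steps above.

```shell
#!/bin/sh
# Added example: checks the module and CA-file prerequisites before any
# NMIS change. Minimum versions are the ones stated in the procedure.
MIN_NET_LDAP=0.64
MIN_IO_SOCKET_SSL=1.998

# version_ge HAVE WANT: true when HAVE >= WANT, compared as decimal numbers
# (how Perl compares plain $VERSION values). An empty HAVE is a failure.
version_ge() {
    [ -n "$1" ] || return 1
    awk -v have="$1" -v want="$2" 'BEGIN { exit !((have + 0) >= (want + 0)) }'
}

# module_version MODULE: print the installed $VERSION, or nothing if the
# module cannot be loaded.
module_version() {
    perl -M"$1" -e 'print $ARGV[0]->VERSION' "$1" 2>/dev/null
}

# is_pem_cert FILE: true when FILE carries PEM certificate armour. This is a
# format check only (a DER file fails it); it does not validate the cert.
is_pem_cert() {
    [ -r "$1" ] || return 1
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -e '^-----END CERTIFICATE-----' "$1"
}

# preflight CA_FILE: report each check, return non-zero if any fails.
preflight() {
    rc=0
    for pair in "Net::LDAP $MIN_NET_LDAP" "IO::Socket::SSL $MIN_IO_SOCKET_SSL"; do
        mod=${pair% *}; min=${pair#* }
        have=$(module_version "$mod" || true)
        if version_ge "$have" "$min"; then
            echo "ok   $mod $have (need >= $min)"
        else
            echo "FAIL $mod ${have:-not installed} (need >= $min)"; rc=1
        fi
    done
    if is_pem_cert "$1"; then echo "ok   $1 is PEM"
    else echo "FAIL $1 is missing or not a PEM certificate"; rc=1; fi
    return "$rc"
}

# Runs only when given a CA file, e.g.: sh preflight.sh /tmp/YOUR_CACERT.pem
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```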