Using SSL with LDAP and Open Directory

[XFox]

Hi all,
I’m reading the freshly printed [url=http://www.peachpit.com/title/0321362446]”Mac OS X Server 10.4 Tiger”[/url] Visual Quick Pro Guide book by Schoun Regan.

On page 109 it explains how to use Secure Sockets Layer (SSL) in an Open Directory Master configured server.
It says:
“[…] Once you select this checkbox [the “Enable Secure Sockets Layer (SSL)” checkbox in Server Admin –> Open Directory module –> Protocols, ndMe] and save, anyone using Workgroup Manager to manage shared (LDAP) accounts will be denied. That’s because you must first use Directory Access to tell the server to use SSL to see its own shared domain. To do that, open Directory Access on the server (or choose Server > Connect on any Mac OS X computer from Directory Access). Double-click the LDAPv3 service from the Services list and select the SSL check box on the right of the window. Click OK to accept the changes. […]”

I enabled SSL using the Default certificate then I tried to use Workgroup Manager to consult the shared LDAPv3 domain, directly from the server and from a client on the server’s LAN, and it worked [b]without[/b] applying the above setting change.

Am I missing something and I didn’t enable SSL or the fault is somewhere else?
TIA.

[XFox]

Thanks macshome, I suppose this is another little error in the book.
I’ve already created the domain administrator with a custom name and I’ll follow your advice to read the articles on making a better SSL certificate.
I found this two articles:
[url=https://www.afp548.com/article.php?story=20050708112636410]Securing Tiger Server IMAP, POP, and SMTP with self-signed SSL[/url]
[url=https://www.afp548.com/article.php?story=20050813004038282]Certificate Assistant – Rolling your own CA on Tiger[/url]
Are there other articles regarding SSL certificate creation?
If you like, could you please briefly explain me why using the default SSL certificate is no good? 😀

[Author]

Posts