[Samba] problems with ldap tls

Michael Heironimus mkh01 at earthlink.net
Wed Feb 19 00:10:39 GMT 2003


On Tue, Feb 18, 2003 at 01:42:51AM +0100, Michael Ott wrote:
> starting ldap using slapd -d1 -h "ldaps://0.0.0.0/"
> 
> Why doesn't it work?
> using ldap ssl = no working
> 
> thanx
> 
> Here my smb.conf:
>   ldap server = localhost
>   #ldap port = 389
>   ldap port = 636
>   ldap suffix = o=zolnott,dc=de
>   ldap admin dn = uid=ldaproot,o=zolnott,dc=de
>   ldap filter = (&(uid=%u)(objectclass=sambaAccount))
>   ldap ssl = start_tls

As I recall, StartTLS is a method for negotiating SSL after the
connection has been opened. It opens a cleartext connection to the
non-SSL port and then requests a switch to an encrypted connection. This
is only available with LDAPv3-compliant servers. I think OpenLDAP 2.0
supports it but has some problems, while OpenLDAP 2.1 has better support
for it. I think you'd need "ldap port = 636" with "ldap ssl = on", or
"ldap port = 389" with "ldap ssl = start_tls".

-- 
Michael Heironimus
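To make the port/mode pairing from the reply above concrete, here is a small checker, added as an example and not part of Samba or of either poster's configuration. It parses an smb.conf fragment the way smb.conf treats comments (a leading `#` or `;` disables the line, so the commented-out `#ldap port = 389` in the post is ignored and the active `ldap port = 636` wins) and flags the mismatch: `ldap ssl = start_tls` belongs with the plain LDAP port 389, while `ldap ssl = on` belongs with the ldaps port 636. The `EXPECTED_PORT` table and the `check_ldap_tls` helper are assumptions taken from the reply, not Samba's own validation.

```python
"""Check that an smb.conf pairs 'ldap port' with a matching 'ldap ssl' mode.

Hypothetical helper (not Samba code). It encodes the rule from the reply:
'ldap ssl = on' talks TLS from the first byte and so expects the ldaps port
636; 'ldap ssl = start_tls' opens a cleartext connection to the plain LDAP
port 389 and then asks the server to switch to TLS.
"""
import re

# Expected port per 'ldap ssl' value (assumption derived from the reply).
EXPECTED_PORT = {
    "on": 636, "yes": 636,          # ldaps: TLS wrapped socket
    "start_tls": 389,               # plain port, TLS negotiated afterwards
    "off": 389, "no": 389,          # cleartext LDAP
}

# 'key = value'; a line whose first non-blank char is '#' or ';' is a comment.
_LINE = re.compile(r"^\s*(?P<key>[^#;=\s][^=]*?)\s*=\s*(?P<val>.*?)\s*$")


def parse_smb_conf(text):
    """Return {key: value} for uncommented 'key = value' lines; later lines win.

    Keys are lower-cased and inner whitespace is collapsed, matching how
    smb.conf parameter names are usually written.
    """
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            key = " ".join(m.group("key").lower().split())
            settings[key] = m.group("val")
    return settings


def check_ldap_tls(text):
    """Return (ok, message) stating whether port and TLS mode agree."""
    conf = parse_smb_conf(text)
    mode = conf.get("ldap ssl", "off").lower()
    try:
        port = int(conf.get("ldap port", "389"))
    except ValueError:
        return False, f"'ldap port' is not a number: {conf['ldap port']!r}"
    if mode not in EXPECTED_PORT:
        return False, f"unknown 'ldap ssl' value {mode!r}"
    expected = EXPECTED_PORT[mode]
    if port != expected:
        return False, (f"'ldap ssl = {mode}' expects port {expected}, "
                       f"but 'ldap port = {port}' is set")
    return True, f"'ldap ssl = {mode}' on port {port} is consistent"


# The fragment from the original post (commented port line left as posted).
POSTED_CONF = """
  ldap server = localhost
  #ldap port = 389
  ldap port = 636
  ldap suffix = o=zolnott,dc=de
  ldap admin dn = uid=ldaproot,o=zolnott,dc=de
  ldap filter = (&(uid=%u)(objectclass=sambaAccount))
  ldap ssl = start_tls
"""

# The two consistent pairings suggested in the reply (constructed fragments).
FIXED_CONF_STARTTLS = POSTED_CONF.replace("ldap port = 636", "ldap port = 389")
FIXED_CONF_LDAPS = POSTED_CONF.replace("ldap ssl = start_tls", "ldap ssl = on")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF),
                        ("start_tls/389", FIXED_CONF_STARTTLS),
                        ("on/636", FIXED_CONF_LDAPS)):
        ok, msg = check_ldap_tls(conf)
        print(f"{label:14} {'OK ' if ok else 'BAD'} {msg}")
```

Running it reports the posted fragment as inconsistent (start_tls against port 636, which is why slapd started with `ldaps://` never saw a StartTLS request it could answer) and both corrected fragments as consistent. Note that `FIXED_CONF_STARTTLS` still contains the commented `#ldap port = 389` line, which the parser correctly ignores.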
