LDAP samdb and "ldap ssl" (fwd)

Shahms E. King shahms at shahms.com
Wed Jan 2 13:30:15 GMT 2002


The reason I wrote it to default to off rather than "start tls" was
simply that when I first wrote it, StartTLS was reported to work with
OpenLDAP 2.0 but was more than a little bit flaky. Given that I haven't
tested recent incarnations of either OpenLDAP or the ldap sam stuff, I
don't know if that still applies.

--Shahms

On Wed, 2002-01-02 at 13:17, Gerald (Jerry) Carter wrote:
> Folks,
> 
> I need to do a straw poll.  Right now the "ldap ssl" for the ldap samdb
> backend defaults to off which means that everything goes in the clear in
> between the ldap server and smbd.  How do people feel about making this
> parameter default to "start tls"?  This means that using the default
> values, only an OpenLDAP 2.0 server properly configured to support SSL
> connections would work.  This could be manually changed of course. The
> advantage I see is not sending things over the wire in the clear without
> the direct consent of the admin.
> 
> Yes?  No?
> 
> 
> 
> 
> 
> chau, jerry
>  ---------------------------------------------------------------------
>  Hewlett-Packard                                     http://www.hp.com
>  SAMBA Team                                       http://www.samba.org
>  --                                            http://www.plainjoe.org
>  "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
> 
> 
> 





