LDAP samdb and "ldap ssl" (fwd)

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 2 13:47:02 GMT 2002


On 2 Jan 2002, Shahms E. King wrote:

> the reason I wrote it to default to off rather than "start tls" was
> simply that when I first wrote it StartTLS was reported to work with
> OpenLDAP 2.0, but was more than a little bit flaky, given that I haven't
> tested recent incarnations of either OpenLDAP or the ldap sam stuff, I
> don't know if that still applies.

My experience is that it is particularly temperamental with the
server's certificate (i.e. hostname in cert must match "ldap server"
name).  But it seems to be consistent and stable so far.

I'm going to default to "on" I think since RedHat installs openldap
to support ldap:/// and ldaps:///.  And Netscape's DS can also support
this.  Sound reasonable?




chau, jerry
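
The certificate/hostname constraint mentioned in the message above, as an added example that is not part of the original e-mail or of Samba's code: a check of whether the name configured as "ldap server" would match a server certificate. The certificate dicts follow the layout of Python's `ssl.SSLSocket.getpeercert()`; all host names and the helper names are constructed for illustration, and the wildcard rule is a conservative assumption.

```python
# Added example (not Samba or OpenLDAP code). Sample certificates are constructed.

def cert_names(cert):
    """Names a TLS client compares the configured host against.

    dNSName entries in subjectAltName take precedence; the subject CN is
    used only when the certificate carries no dNSName entries.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive label-by-label match.

    Assumption: '*' is accepted only as the entire left-most label and
    only when at least two further labels follow it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def ldap_server_matches_cert(ldap_server, cert):
    """True if the smb.conf "ldap server" value matches a name in the cert."""
    return any(name_matches(n, ldap_server) for n in cert_names(cert))


# Constructed certificates: one with only a CN, one with SAN entries.
CERT_CN_ONLY = {"subject": ((("commonName", "ldap.example.com"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),
                       ("DNS", "*.dir.example.com")),
}

if __name__ == "__main__":
    # A short name or "localhost" fails even though it reaches the same server.
    for server in ("ldap.example.com", "ldap", "localhost"):
        print(server, ldap_server_matches_cert(server, CERT_CN_ONLY))
```
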








