TLS and SSL with 2.2.5

Jeff Mandel jeff.mandel at probes.com
Wed Jul 3 16:16:01 GMT 2002


Shahms E. King wrote:

>On Wed, 2002-07-03 at 15:32, Jeff Mandel wrote:
>  
>
>>Does samba support tls only?
>>    
>>
>
>no, the pam_ldap supports tls, ssl and unencrypted connections
>and either ssl or tls is the default these days, I can't remember which.
>
>  
>
>>I am trying to get the 2.2.5 version of samba to work with ldap and 
>>ssl/tls on solaris 8 with iPlanet's Directory 5.x..
>>I can successfully compile and run nss_ldap and pam_ldap over ssl, but 
>>those are compiled against the mozilla ldapsdk.
>>    
>>
>
>This might be your problem.  The LDAP code has only been tested (well,
>by me) compiling against and connecting to and OpenLDAP server.
>  
>
In the how-to for setting up samba with LDAP, there's a note about ldaps 
being deprecated in favor of TLS. Looking at the code in 
passdb/pdb_ldap.c it looks like without TLS, there is in no SSL.
#ifdef LDAP_OPT_X_TLS
      tls = LDAP_OPT_X_TLS_HARD;
      if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != 
LDAP_SUCCESS)
      {
          DEBUG(0, ("Failed to setup a TLS session\n"));
      }
      DEBUG(0,("LDAPS option set...!\n"));
#else
      DEBUG(0,("ldap_open_connection: Secure connection not supported by 
LDAP client libraries!\n"));
      return False;
#endif

Did I misread this? Would this indicate that TLS is not just preferred, 
but maybe the only way?






More information about the samba-technical mailing list