TLS and SSL with 2.2.5
Jeff Mandel
jeff.mandel at probes.com
Wed Jul 3 16:16:01 GMT 2002
Shahms E. King wrote:
>On Wed, 2002-07-03 at 15:32, Jeff Mandel wrote:
>
>
>>Does samba support tls only?
>>
>>
>
>no, the pam_ldap supports tls, ssl and unencrypted connections
>and either ssl or tls is the default these days, I can't remember which.
>
>
>
>>I am trying to get the 2.2.5 version of samba to work with ldap and
>>ssl/tls on solaris 8 with iPlanet's Directory 5.x..
>>I can successfully compile and run nss_ldap and pam_ldap over ssl, but
>>those are compiled against the mozilla ldapsdk.
>>
>>
>
>This might be your problem. The LDAP code has only been tested (well,
>by me) compiling against and connecting to and OpenLDAP server.
>
>
In the how-to for setting up samba with LDAP, there's a note about ldaps
being deprecated in favor of TLS. Looking at the code in
passdb/pdb_ldap.c it looks like without TLS, there is in no SSL.
#ifdef LDAP_OPT_X_TLS
tls = LDAP_OPT_X_TLS_HARD;
if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) !=
LDAP_SUCCESS)
{
DEBUG(0, ("Failed to setup a TLS session\n"));
}
DEBUG(0,("LDAPS option set...!\n"));
#else
DEBUG(0,("ldap_open_connection: Secure connection not supported by
LDAP client libraries!\n"));
return False;
#endif
Did I misread this? Would this indicate that TLS is not just preferred,
but maybe the only way?
More information about the samba-technical
mailing list