TLS and SSL with 2.2.5

Ignacio Coupeau icoupeau at
Thu Jul 4 02:06:01 GMT 2002

Jeff Mandel wrote:
> Does samba support tls only?
> I am trying to get the 2.2.5 version of samba to work with ldap and 
> ssl/tls on solaris 8 with iPlanet's Directory 5.x..
> I can successfully compile and run nss_ldap and pam_ldap over ssl, but 
> those are compiled against the mozilla ldapsdk.
> It seems that the samba code only supports TLS, and the mozilla sdk only 
> supports ssl. Please correct me if I'm wrong here.

We have been using ldap with tls and pam support with OpenLDAP for months, but 
the /etc/ldap.conf is a bit tricky:

base o=smb,dc=unav,dc=es
ldap_version 3
# The port.
# Optional: default is 389.
#port 636
port 636

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on

... and the slapd.conf *must* use the ldap port (not the secure one) for start 
tls (389 for example), but not the secure port (636), as the RFC says:

ldap suffix = "o=smb, dc=unav, dc=es"
ldap server = <your_server>
ldap port = 389
ldap admin dn = <your rootdn: cn=root, etc...>

ldap ssl = start tls

a bit more here:


Ignacio Coupeau, Ph.D.     e-mail: icoupeau at
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN  
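
Added example, not part of the original message or of Samba: a small Python check for the port/mechanism pairing discussed above (StartTLS on the plain LDAP port, LDAPS on 636), reading either an ldap.conf or the `ldap ...` lines of an smb.conf. The sample configs and host name are constructed, and treating the last occurrence of a repeated directive as the effective one is an assumption.

```python
import re

# Conventional port for each transport mode (StartTLS upgrades the plain port).
EXPECTED_PORT = {"start_tls": 389, "ldaps": 636}
SSL_MODES = {"start_tls": "start_tls", "on": "ldaps"}

def directives(text, style):
    """Yield (key, value) pairs from ldap.conf ('ldap') or smb.conf ('smb') text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if style == "smb":                      # e.g. "ldap ssl = start tls"
            key, _, value = line.partition("=")
            key = " ".join(key.lower().split())
            if not key.startswith("ldap "):
                continue
            key = key[len("ldap "):]
        else:                                   # e.g. "ssl start_tls"
            key, value = (line.split(None, 1) + [""])[:2]
            key = key.lower()
        yield key, value.strip().lower()

def check(text, style):
    """Return (mode, port, findings) for one client configuration."""
    modes, ports = [], []
    for key, value in directives(text, style):
        if key == "ssl":
            modes.append(SSL_MODES.get(re.sub(r"[\s_]+", "_", value), "off"))
        elif key == "port" and value.isdigit():
            ports.append(int(value))
    findings = []
    if len(set(modes)) > 1:
        findings.append("conflicting ssl directives: " + ", ".join(modes))
    # Assumption: if a directive is repeated, the last occurrence is effective.
    mode = modes[-1] if modes else "off"
    port = ports[-1] if ports else None         # None: no explicit port to check
    if mode == "off":
        findings.append("no TLS: binds cross the network in clear text")
    elif port is not None and port != EXPECTED_PORT[mode]:
        findings.append(f"{mode} on port {port}, conventionally {EXPECTED_PORT[mode]}")
    return mode, port, findings

# Constructed samples, not the configuration from the message.
LDAP_CONF = "ldap_version 3\nport 636\nssl start_tls\n"
SMB_CONF = "ldap server = ldap.example.test\nldap port = 389\nldap ssl = start tls\n"

if __name__ == "__main__":
    for name, text, style in (("ldap.conf", LDAP_CONF, "ldap"), ("smb.conf", SMB_CONF, "smb")):
        print(name, check(text, style))
```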
