TLS and SSL with 2.2.5

Ignacio Coupeau icoupeau at unav.es
Thu Jul 4 02:06:01 GMT 2002


Jeff Mandel wrote:
> Does samba support tls only?
> 
> I am trying to get the 2.2.5 version of samba to work with ldap and 
> ssl/tls on solaris 8 with iPlanet's Directory 5.x.
> I can successfully compile and run nss_ldap and pam_ldap over ssl, but 
> those are compiled against the mozilla ldapsdk.
> 
> It seems that the samba code only supports TLS, and the mozilla sdk only 
> supports ssl. Please correct me if I'm wrong here.

We have been using LDAP with TLS and PAM support with OpenLDAP for months, 
but the /etc/ldap.conf is a bit tricky:

----
base o=smb,dc=unav,dc=es
ldap_version 3
# The port.
# Optional: default is 389.
#port 636
port 636

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on
----

... and the slapd.conf *must* use the ldap port (not the secure one) for 
start tls (389 for example), but not the secure port (636), as the RFC says:

----
[global]
ldap suffix = "o=smb, dc=unav, dc=es"
ldap server = <your_server>
ldap port = 389
ldap admin dn = <your rootdn: cn=root, etc...>

ldap ssl = start tls
----

a bit more here:

http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf.tls

regards,
Ignacio


-- 
____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/
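
Added example, not part of the original post and not Samba project code: a small Python check of the smb.conf pairing the message describes, where `ldap ssl = start tls` goes with the plain LDAP port rather than 636. The function names, the conventional ports 389/636 and the reverse check (`ldap ssl = on` with port 389) are assumptions added here.

```python
import re

LDAP_PORT, LDAPS_PORT = 389, 636  # conventional ports (assumption)

def parse_global(text):
    """Return smb.conf [global] parameters; names lower-cased, spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ldap_transport(text):
    """Return findings on how 'ldap ssl' and 'ldap port' fit together."""
    p = parse_global(text)
    mode = " ".join(p.get("ldap ssl", "").lower().replace("_", " ").split())
    port = int(p["ldap port"]) if p.get("ldap port", "").isdigit() else None
    findings = []
    if mode == "":
        findings.append("ldap ssl is not set explicitly")
    elif mode == "off":
        findings.append("ldap ssl is off: the admin dn bind is sent in cleartext")
    elif mode == "start tls" and port == LDAPS_PORT:
        findings.append("start tls on port 636: StartTLS belongs on the plain LDAP port (389)")
    elif mode == "on" and port == LDAP_PORT:
        findings.append("ldap ssl = on (LDAPS) on port 389: LDAPS is normally port 636")
    return findings

# Constructed samples: GOOD mirrors the smb.conf in the post, BAD changes the port.
GOOD = """[global]
ldap suffix = "o=smb, dc=unav, dc=es"
ldap port = 389
ldap ssl = start tls
"""
BAD = GOOD.replace("ldap port = 389", "ldap port = 636")

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ldap_transport(conf) or "ok")
```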




