enabling secure ldap samba4

Matthieu Patou mat at samba.org
Fri Aug 20 13:40:59 MDT 2010

  On 20/08/2010 20:58, Michael Wood wrote:
> Hi
> On 13 June 2010 16:56, Matthieu Patou<mat at samba.org>  wrote:
>> On 13/06/2010 14:23, Matthias Rohm wrote:
> [...]
>>> Where do I have to change parameters for enabling secure slapd for TLS
>>> encrypion? I was not able to find anything in the tree of samba 4.
>> When using the ldb backend openldap is not used, so you don't need to do
>> anything the ldaps protocol is supported by default (and activated), when
> I'm trying to talk to Samba4 via LDAP using TLS, and I'm getting the
> following exception:
> Traceback (most recent call last):
>    File "/tmp/test.py", line 12, in<module>
>      conn.start_tls_s()
>    File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
> 528, in start_tls_s
>      return self._ldap_call(self._l.start_tls_s)
>    File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97,
> in _ldap_call
>      result = func(*args,**kwargs)
> ldap.OPERATIONS_ERROR: {'info': 'START-TLS: Failed to setup TLS
> socket', 'desc': 'Operations error'}
> Looking at the packet capture, I see this message comes back from the
> server without any SSL certificate being sent.
> How do I go about debugging this?
Have you compiled with gnutls ? Is a certificate present in the 
private/tls ?

Did you check with other tools (just verified with apachestudio with a 
test provision it's ok for START-TLS.


Matthieu Patou
Samba Team        http://samba.org

More information about the samba-technical mailing list