enabling secure ldap samba4

Matthieu Patou mat at samba.org
Fri Aug 20 13:40:59 MDT 2010


On 20/08/2010 20:58, Michael Wood wrote:
> Hi
>
> On 13 June 2010 16:56, Matthieu Patou <mat at samba.org> wrote:
>> On 13/06/2010 14:23, Matthias Rohm wrote:
> [...]
>>> Where do I have to change parameters for enabling secure slapd for TLS
>>> encryption? I was not able to find anything in the tree of samba 4.
>>>
>> When using the ldb backend, openldap is not used, so you don't need to do
>> anything; the ldaps protocol is supported by default (and activated), when
> I'm trying to talk to Samba4 via LDAP using TLS, and I'm getting the
> following exception:
>
> Traceback (most recent call last):
>    File "/tmp/test.py", line 12, in <module>
>      conn.start_tls_s()
>    File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
> 528, in start_tls_s
>      return self._ldap_call(self._l.start_tls_s)
>    File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97,
> in _ldap_call
>      result = func(*args,**kwargs)
> ldap.OPERATIONS_ERROR: {'info': 'START-TLS: Failed to setup TLS
> socket', 'desc': 'Operations error'}
>
> Looking at the packet capture, I see this message comes back from the
> server without any SSL certificate being sent.
>
> How do I go about debugging this?
>
Have you compiled with gnutls? Is a certificate present in the
private/tls?

Did you check with other tools (just verified with apachestudio with a
test provision, it's ok for START-TLS)?

Matthieu


-- 
Matthieu Patou
Samba Team        http://samba.org
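
One way to tell the two failure points in this thread apart (the server answering the StartTLS request with an LDAP error, as in the traceback, versus the TLS handshake itself failing), as an added example that is not part of the original message or of Samba. It is Python 3 with the standard library only; `probe`, its `cafile` argument and `SAMPLE_FAILURE` are illustrative names, and the sample bytes are constructed to mirror the error text quoted above.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def starttls_request(msg_id=1):
    """BER-encode an LDAP ExtendedRequest that asks the server for StartTLS."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                   # messageID, then op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage SEQUENCE

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                           # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(data):
    """Return (resultCode, diagnosticMessage) from an LDAP ExtendedResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)                                # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                                             # [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(op, 0)                              # resultCode
    _, _, pos = read_tlv(op, pos)                               # matchedDN
    _, diag, _ = read_tlv(op, pos)                              # diagnosticMessage
    return code[0], diag.decode("utf-8", "replace")

def probe(host, cafile, port=389):
    """Report which layer fails: the LDAP StartTLS answer or the TLS handshake."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(starttls_request())
        code, diag = parse_extended_response(sock.recv(4096))  # reply fits one read
        if code != 0:
            return "LDAP layer refused StartTLS: code=%d info=%r" % (code, diag)
        ctx = ssl.create_default_context(cafile=cafile)         # verification stays on
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "TLS established: %s" % tls.version()
# Constructed sample: resultCode 1 with the diagnostic text from the traceback above.
_diag = b"START-TLS: Failed to setup TLS socket"
_op = b"\x0a\x01\x01\x04\x00\x04" + bytes([len(_diag)]) + _diag
_body = b"\x02\x01\x01\x78" + bytes([len(_op)]) + _op
SAMPLE_FAILURE = b"\x30" + bytes([len(_body)]) + _body
```

A non-zero code from `probe` means the server rejected StartTLS before any handshake began, which points at the server-side TLS setup (GnuTLS support, the certificate in private/tls) rather than at the client; an `ssl.SSLError` raised instead means the LDAP layer accepted and the handshake or certificate verification failed.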


