[Samba] ldaps connections
Martin Ritchie
martin.ritchie at kelvininstitute.com
Mon Feb 2 11:39:50 GMT 2004
It is my understanding that a secure LDAP connection should only send
encrypted data, yet my configuration is sending plaintext.
The strace output from smbpasswd is the following:
connect(4, {sin_family=AF_INET, sin_port=htons(636),
sin_addr=inet_addr("<ldap server>")}}, 16) = -1 EINPROGRESS (Operation
now in progress)
...snip...
write(4, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
write(1, "failed to bind to server with dn"..., 104failed to bind to
server with dn= cn=Manager,dc=kelvininstitute,dc=com Error: Can't
contact LDAP server
) = 104
..snip...
write(4, "0\5\2\1\2B\0", 7) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
+++ killed by SIGPIPE +++
A connection to the server is started on the correct port, but then the
DN is sent in the clear and the server kills the connection.
The ldap section from testparm -v yields:
ldap server = <ldap server>
ldap port = 636
ldap suffix = dc=kelvininstitute,dc=com
ldap machine suffix = ou = Computers
ldap user suffix = ou = People
ldap group suffix = ou = Group
ldap idmap suffix =
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = "cn=Manager,dc=kelvininstitute,dc=com"
ldap ssl = Yes
ldap passwd sync = Yes
ldap delete dn = No
Any thoughts?
Cheers
--
Martin Ritchie
the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE
www.kelvininstitute.com
+44 (0) 141 548 5719
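
Added example, not part of the original post: a Python check that classifies the first bytes a client writes to the LDAP socket as a TLS handshake record or a plaintext LDAP BindRequest, and recovers the bind DN even from a capture truncated to 32 bytes like the strace output above. The function and constant names and the TLS sample bytes are constructed for illustration; the two LDAP byte strings are transcribed from the strace lines in the post.

```python
# Added example: names below are hypothetical, not from Samba or OpenLDAP.
TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"
BER_SEQUENCE = 0x30       # an LDAPMessage is a BER SEQUENCE
BER_INTEGER = 0x02
LDAP_BIND_REQUEST = 0x60  # [APPLICATION 0], constructed

# First 32 bytes of the write(4, ...) in the post, as strace printed them.
STRACE_BIND = b"07\x02\x01\x01`2\x02\x01\x03\x04$cn=Manager,dc=kelvin"
# The later 7-byte write from the post (an UnbindRequest, tag 0x42).
STRACE_UNBIND = b"0\x05\x02\x01\x02B\x00"
# Constructed sample: start of a TLS record carrying a ClientHello.
TLS_SAMPLE = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"


def _read_tlv(buf, pos):
    """Return (tag, length, value_offset) for the BER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                       # long form: n length bytes follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def classify_first_write(buf):
    """Classify a captured client write; buf may be truncated."""
    try:
        if buf[0] == TLS_HANDSHAKE and buf[1] == 0x03:
            return {"kind": "tls-handshake"}
        tag, _, pos = _read_tlv(buf, 0)
        if tag != BER_SEQUENCE:
            return {"kind": "unknown"}
        tag, length, pos = _read_tlv(buf, pos)      # messageID
        if tag != BER_INTEGER:
            return {"kind": "unknown"}
        tag, _, pos = _read_tlv(buf, pos + length)  # protocolOp
        if tag != LDAP_BIND_REQUEST:
            return {"kind": "plaintext-ldap"}
        tag, length, pos = _read_tlv(buf, pos)      # version
        tag, length, pos = _read_tlv(buf, pos + length)  # name (bind DN)
        dn = buf[pos:pos + length]
        return {"kind": "plaintext-ldap-bind",
                "dn": dn.decode("utf-8", "replace"),
                "dn_truncated": len(dn) < length}
    except IndexError:
        return {"kind": "unknown"}


if __name__ == "__main__":
    for sample in (STRACE_BIND, STRACE_UNBIND, TLS_SAMPLE):
        print(classify_first_write(sample))
```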