[Samba] ldaps connections

Martin Ritchie martin.ritchie at kelvininstitute.com
Mon Feb 2 11:39:50 GMT 2004

It is my understanding that a secure ldap connection should only send 
encrypted data yet my configuration is sending plaintext

The following strace output from a smbpasswd results in the following:

connect(4, {sin_family=AF_INET, sin_port=htons(636), 
sin_addr=inet_addr("<ldap server>")}}, 16) = -1 EINPROGRESS (Operation 
now in progress)
write(4, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
write(1, "failed to bind to server with dn"..., 104failed to bind to 
server with dn= cn=Manager,dc=kelvininstitute,dc=com Error: Can't 
contact LDAP server
) = 104
write(4, "0\5\2\1\2B\0", 7)             = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
+++ killed by SIGPIPE +++

A connection to the server is started on the correct port but then the 
dn is sent in the clear and the server kill the connection.

The ldap section from testparm -v yields

        ldap server = <ldap server>
         ldap port = 636
         ldap suffix = dc=kelvininstitute,dc=com
         ldap machine suffix = ou = Computers
         ldap user suffix = ou = People
         ldap group suffix = ou = Group
         ldap idmap suffix =
         ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
         ldap admin dn = "cn=Manager,dc=kelvininstitute,dc=com"
         ldap ssl = Yes
         ldap passwd sync = Yes
         ldap delete dn = No

any thoughts?


Martin Ritchie

the Kelvin Institute
50, George Street
Scotland, UK
G1 1QE

+44 (0) 141 548 5719

More information about the samba mailing list