[Samba] ldaps connections

Craig White craigwhite at azapple.com
Mon Feb 2 15:59:06 GMT 2004


start_tls is actually port 389
ldap on port 689 was older method via ssl

I generally leave the ldap ssl = no

and use 
passdb backend = ldapsam:"ldaps://fqdn_of_ldap_server/"

ldap server = #not applicable to samba 3

Craig

On Mon, 2004-02-02 at 04:39, Martin Ritchie wrote:
> It is my understanding that a secure ldap connection should only send 
> encrypted data yet my configuration is sending plaintext
> 
> The following strace output from a smbpasswd results in the following:
> 
> connect(4, {sin_family=AF_INET, sin_port=htons(636), 
> sin_addr=inet_addr("<ldap server>")}}, 16) = -1 EINPROGRESS (Operation 
> now in progress)
> ...snip...
> write(4, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
> write(1, "failed to bind to server with dn"..., 104failed to bind to 
> server with dn= cn=Manager,dc=kelvininstitute,dc=com Error: Can't 
> contact LDAP server
> ) = 104
> ..snip...
> write(4, "0\5\2\1\2B\0", 7)             = -1 EPIPE (Broken pipe)
> --- SIGPIPE (Broken pipe) ---
> +++ killed by SIGPIPE +++
> 
> 
> A connection to the server is started on the correct port but then the 
> dn is sent in the clear and the server kills the connection.
> 
> The ldap section from testparm -v yields
> 
>         ldap server = <ldap server>
>          ldap port = 636
>          ldap suffix = dc=kelvininstitute,dc=com
>          ldap machine suffix = ou = Computers
>          ldap user suffix = ou = People
>          ldap group suffix = ou = Group
>          ldap idmap suffix =
>          ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>          ldap admin dn = "cn=Manager,dc=kelvininstitute,dc=com"
>          ldap ssl = Yes
>          ldap passwd sync = Yes
>          ldap delete dn = No
> 
> any thoughts?
> 
> Cheers
> 
> -- 
> Martin Ritchie
> 
> the Kelvin Institute
> 50, George Street
> Glasgow
> Scotland, UK
> G1 1QE
> 
> www.kelvininstitute.com
> +44 (0) 141 548 5719
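
Added example, not part of the original thread: a small Python check that decodes the `write()` strings from the strace output above and reports whether the first bytes on the LDAP socket are a TLS handshake, a StartTLS request, or a cleartext BindRequest. The function names are hypothetical; the two sample strings are copied from the strace in the post as strace printed them.

```python
import re

# Constructed inputs: the two write() strings from the strace in the post,
# exactly as strace printed them (it truncates long buffers).
FIRST_WRITE = r'07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin'
LAST_WRITE = r'0\5\2\1\2B\0'

_ESC = re.compile(r'\\(?:([0-7]{1,3})|x([0-9a-fA-F]{1,2})|(.))')
_SIMPLE = {'n': 10, 't': 9, 'r': 13, 'v': 11, 'f': 12}
STARTTLS_OID = b'1.3.6.1.4.1.1466.20037'  # LDAP StartTLS extended operation

def strace_unescape(s):
    """Convert strace's C-style escaped string back into the raw bytes written."""
    out, i = bytearray(), 0
    while i < len(s):
        m = _ESC.match(s, i)
        if m is None:                     # ordinary printable character
            out.append(ord(s[i]))
            i += 1
            continue
        if m.group(1):                    # octal escape such as \2 or \012
            out.append(int(m.group(1), 8) & 0xFF)
        elif m.group(2):                  # hex escape such as \x16
            out.append(int(m.group(2), 16))
        else:                             # \n, \t, \\, \" and similar
            out.append(_SIMPLE.get(m.group(3), ord(m.group(3))))
        i = m.end()
    return bytes(out)

def classify_first_write(data):
    """Say what kind of traffic the first bytes on an LDAP socket are."""
    if data[:2] == b'\x16\x03':           # TLS record: handshake, version 3.x
        return 'tls-handshake'
    if data[:1] != b'\x30' or len(data) < 2:  # not a BER SEQUENCE (LDAPMessage)
        return 'unknown'
    pos = 2 + ((data[1] & 0x7F) if data[1] & 0x80 else 0)  # skip length octets
    if data[pos:pos + 1] == b'\x02' and len(data) > pos + 1:
        pos += 2 + data[pos + 1]          # skip the messageID INTEGER
        op = data[pos:pos + 1]            # protocolOp tag
        if op == b'\x60':                 # [APPLICATION 0] BindRequest
            return 'plaintext-ldap-bind'
        if op == b'\x77' and STARTTLS_OID in data:  # ExtendedRequest + StartTLS OID
            return 'starttls-request'
    return 'plaintext-ldap'

if __name__ == '__main__':
    for name, raw in (('first', FIRST_WRITE), ('last', LAST_WRITE)):
        print(name, classify_first_write(strace_unescape(raw)))
```

On a working `ldaps://` connection the first write should classify as `tls-handshake`; a `plaintext-ldap-bind` result on port 636 means the bind DN and password left the client unencrypted.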


