[Samba] Question about SSL/TLS for ldap and samba

Stéphane Purnelle stephane.purnelle at tiscali.be
Sun Aug 7 11:19:21 GMT 2005


Hi,

I read in samba-howto-collection:

"To remedy the first security issue, the ldap ssl smb.conf parameter
defaults to require an encrypted session (ldap ssl = on) using the
default port of 636 when contacting the directory server. When using
an OpenLDAP server, it is possible to use the StartTLS LDAP extended
operation in the place of LDAPS. In either case, you are strongly
encouraged to use secure communications protocols (so do not set ldap
ssl = off).

 Note that the LDAPS protocol is deprecated in favor of the LDAPv3
StartTLS extended operation. However, the OpenLDAP library still
provides support for the older method of securing communication
between clients and servers."

What is the difference between LDAPS and LDAPv3 StartTLS?

I selected the ldaps protocol in my smb.conf because I don't know how
Samba manages certificates.
If Samba can use a certificate, it's not a problem.  But I think that
Samba uses the certificate used with the OpenLDAP client.

If that is correct, can I suggest adding a parameter in smb.conf to
specify a certificate for Samba only?

Thanks

    Stéphane Purnelle

--
Stéphane Purnelle <stephane.purnelle at tiscali.be>
Site Web : http://www.linuxplusvalue.be
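The two modes contrasted in the quoted HOWTO passage, shown at the wire level as an added example that is not part of the original post or of Samba's code: LDAPS begins with TLS on port 636, while StartTLS sends a cleartext LDAPv3 extended request on the normal LDAP port (389) and starts TLS only after the server answers success. The function names are hypothetical and the two server replies are constructed samples.

```python
# Added example (not from the original post): LDAPS vs. StartTLS on the wire.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511, 4.14)

def tlv(tag, value):
    """BER-encode one element; short-form length is enough for these messages."""
    if len(value) > 127:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode the element at pos, returning (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def starttls_accepted(response, msg_id=1):
    """True only for an ExtendedResponse [APPLICATION 24] with resultCode success (0)."""
    try:
        tag, body, _ = read_tlv(response)
        id_tag, mid, pos = read_tlv(body)
        op_tag, ext, _ = read_tlv(body, pos)
        rc_tag, code, _ = read_tlv(ext)
    except ValueError:
        return False
    return (tag, id_tag, op_tag, rc_tag) == (0x30, 0x02, 0x78, 0x0A) \
        and mid == bytes([msg_id]) and code == b"\x00"

def first_client_bytes(mode):
    """What leaves the client first in each mode."""
    if mode == "ldaps":      # port 636: TLS record header, no LDAP visible in cleartext
        return b"\x16\x03"   # handshake record type, TLS major version
    if mode == "starttls":   # port 389: cleartext LDAP request, TLS starts after success
        return starttls_request()
    raise ValueError(mode)

# Constructed server replies: success, and protocolError (2) from a server without TLS.
OK_REPLY = bytes.fromhex("300c02010178070a010004000400")
REFUSED_REPLY = bytes.fromhex("300c02010178070a010204000400")

if __name__ == "__main__":
    print(starttls_request().hex())
    for name, reply in (("ok", OK_REPLY), ("refused", REFUSED_REPLY)):
        # A client that requires encryption must stop here instead of binding in cleartext.
        print(name, "-> start TLS handshake" if starttls_accepted(reply) else "-> abort")
```

Because the StartTLS request and its reply travel unencrypted, a client that requires encryption has to treat any reply other than success as fatal and send no bind before the handshake completes.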
