[Samba] Question about SSL/TLS for ldap and samba

spu at corman.be spu at corman.be
Mon Aug 8 09:25:08 GMT 2005



samba-bounces+stephane.purnelle=corman.be at lists.samba.org wrote on
08/08/2005 11:17:59:
> > What is the difference between LDAPs and ldapv3 start-tls ?
>
> ldaps listens on port 636 and start-tls is used on the standard 389 ldap
> port.

I know that, but I ask because I read in samba-howto-collection that samba
prefers to use ldapv3 start-tls rather than the ldaps protocol.  And I want to
know why.

>
> > I select the ldaps protocol in my smb.conf because I don't know how
> > samba manages certificates.
>
> I would use:
>
> ldap ssl = start_tls
>
> > If samba can use a certificate, it's not a problem.  But I think that
> > samba uses the certificate used with the OpenLDAP client.
>
> Samba looks at the standard system ldap.conf, which is in
> /etc/openldap/ldap.conf

Yes, but I don't like this because I cannot specify a certificate for samba
only; it is the certificate specified in /etc/openldap/ldap.conf which is used.

>
> You can tell OpenLDAP to only allow TLS connections via the "security"
> setting.
>
> See man slapd.conf
>
> Gavin.
>
> --
> Kind Regards,
>
> Gavin Henry.
> Managing Director.
>
> T +44 (0) 1224 279484
> M +44 (0) 7930 323266
> F +44 (0) 1224 742001
> E ghenry at suretecsystems.com
>
> Open Source. Open Solutions(tm).
>
> http://www.suretecsystems.com/
-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467
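
Added example, not part of the original thread: the difference asked about above, shown at the wire level. With ldaps the TLS handshake comes first on port 636; with StartTLS the client first sends the cleartext extended request built below on port 389 and may only continue if the server answers success, which is why the server-side "security" setting mentioned in the reply matters. Function names are hypothetical and the sample responses are constructed.

```python
# Added illustration, not code from the thread. Function names are hypothetical.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV; short-form length is enough for these messages."""
    if len(value) > 127:
        raise ValueError("long-form length not implemented")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id: int = 1) -> bytes:
    """The ExtendedRequest sent in cleartext on port 389 (msg_id 1..127)."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))  # [APPLICATION 23] { [0] OID }
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form BER")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def starttls_result(response: bytes) -> int:
    """Return resultCode from the server's ExtendedResponse."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)            # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                         # [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A or len(code) != 1:       # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return code[0]

def may_start_tls(response: bytes) -> bool:
    """Fail closed: anything but success (0) means no TLS, so send no bind."""
    try:
        return starttls_result(response) == 0
    except ValueError:
        return False

# Constructed sample responses (not captured traffic).
RESP_SUCCESS = bytes.fromhex("300c02010178070a010004000400")   # resultCode 0
RESP_REFUSED = bytes.fromhex("300c02010178070a010204000400")   # 2 = protocolError

if __name__ == "__main__":
    print(starttls_request().hex())
    print(may_start_tls(RESP_SUCCESS), may_start_tls(RESP_REFUSED))
```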

