[Samba] Question about SSL/TLS for ldap and samba

Gavin Henry ghenry at suretecsystems.com
Tue Aug 9 20:07:21 GMT 2005


On Monday 08 Aug 2005 10:25, spu at corman.be wrote:
> samba-bounces+stephane.purnelle=corman.be at lists.samba.org wrote on
>
> 08/08/2005 11:17:59 :
> > > What is the difference between LDAPs and ldapv3 start-tls ?
> >
> > ldaps listens on port 636 and start-tls is used on the standard 389 ldap
> > port.
>
> I know that, but I ask because I read in samba-howto-collection that samba
> prefers to use ldapv3 start-tls rather than the protocol ldaps.  And I want
> to know why
>
> > > I select the ldaps protocol in my smb.conf because I don't know how
> > > samba manages certificates.
> >
> > I would use:
> >
> > ldap ssl = start_tls
> >
> > > If samba can use a certificate, it's not a problem.  But I think that
> > > samba uses the certificate used with the OpenLDAP client.
> >
> > Samba looks at the standard system ldap.conf, which is in
> > /etc/openldap/ldap.conf
>
> yes, but I don't like this because I cannot specify a certificate for samba
> only; it is the certificate specified in /etc/openldap/ldap.conf which is used.

Why do you want a different one?

>
> > You can tell OpenLDAP to only allow TLS connections via the "security"
> > setting.
> >
> > See man slapd.conf
> >
> > Gavin.
> >
> > --
> > Kind Regards,
> >
> > Gavin Henry.
> > Managing Director.
> >
> > T +44 (0) 1224 279484
> > M +44 (0) 7930 323266
> > F +44 (0) 1224 742001
> > E ghenry at suretecsystems.com
> >
> > Open Source. Open Solutions(tm).
> >
> > http://www.suretecsystems.com/
>
> -----------------------------------
> Stéphane PURNELLE                         stephane.purnelle at corman.be
> Service Informatique       Corman S.A.           Tel : 00 32 087/342467

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry at suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
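
Added example, not part of the original message: the three files named in this thread, configured so Samba uses StartTLS on port 389 and slapd refuses unencrypted sessions. The host name and all certificate paths are placeholder assumptions.

```conf
# --- smb.conf, [global] section ---
# Plain ldap:// URL on port 389, upgraded with StartTLS as suggested above.
# ldap.example.com is a placeholder host.
passdb backend = ldapsam:ldap://ldap.example.com
ldap ssl = start_tls

# --- /etc/openldap/ldap.conf (system-wide client settings Samba picks up) ---
# CA that signed the server certificate; the path is a placeholder.
TLS_CACERT  /etc/openldap/cacerts/ca.pem
# Abort the session if the server certificate does not verify.
TLS_REQCERT demand

# --- slapd.conf (server side) ---
# Server certificate material; the paths are placeholders.
TLSCACertificateFile   /etc/openldap/cacerts/ca.pem
TLSCertificateFile     /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile  /etc/openldap/certs/slapd.key
# The "security" setting mentioned above: require a TLS-protected session
# before slapd processes operations. A larger value (for example tls=128)
# sets a minimum strength instead of accepting any TLS.
security tls=1
```

Setting TLS_REQCERT to demand matters as much as enabling StartTLS: without certificate verification the session is encrypted but the client has no assurance about which server it is talking to.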

