[Samba] LDAP and CA certificates
ssorensen at gmail.com
Mon Dec 19 17:48:44 GMT 2005
On 12/17/05, Graham Leggett <minfrin at sharp.fm> wrote:
> When configuring Samba against an LDAP server, it is possible to
> configure an SSL connection by using "ldap ssl = on" in the smb.conf file.
> Is there a way of telling Samba's LDAP code to ensure that the
> certificate presented by the LDAP server is signed by a specific CA?
I am not certain, but OpenLDAP uses the TLS_CACERT and TLS_CACERTDIR
options in ldap.conf. See ldap.conf(5) for details on these settings.
The location of ldap.conf is a complile time option, but it is usually
under PREFIX/etc/openldap/ldap.conf or PREFIX/etc/ldap/ldap.conf. You
could also try 'strings `which ldapsearch` | grep ldap.conf'
More information about the samba