[Samba] LDAP and CA certificates

[Svend Sorensen]

On 12/17/05, Graham Leggett <minfrin at sharp.fm> wrote:
>
> When configuring Samba against an LDAP server, it is possible to
> configure an SSL connection by using "ldap ssl = on" in the smb.conf file.
>
> Is there a way of telling Samba's LDAP code to ensure that the
> certificate presented by the LDAP server is signed by a specific CA?

I am not certain, but OpenLDAP uses the  TLS_CACERT and TLS_CACERTDIR
options in ldap.conf.  See ldap.conf(5) for details on these settings.

The location of ldap.conf is a complile time option, but it is usually
under PREFIX/etc/openldap/ldap.conf or PREFIX/etc/ldap/ldap.conf.  You
could also try 'strings `which ldapsearch` | grep ldap.conf'