[Samba] samba (3.0.20) doesn't use TLS for LDAP referrals
José M. Fandiño
samba at fadesa.es
Thu Sep 29 17:48:49 GMT 2005
Now I'm trying to move the LDAP backend from the master OpenLDAP
server to a slave one. The ACL rules for all directories require
a "ssf = 112" (Security Strength Factor) just to be sure that all
connections are properly encrypted. Also the slave directory has a
referral directive pointing to the master directory.
Samba works perfectly with the slave directory except when a write
operation is done, then it gets a referral and this time the modification
is tried with the master but with an unencrypted connection.
I can see _four_ unencrypted tries to the master directory server and
a network trace confirms that Samba doesn't use TLS with referrals.
First contact with the slave directory:
Sep 29 18:25:43 slave slapd: <= check a_authz.sai_ssf: ACL 112 > OP 168
A few seconds later the referral is followed:
Sep 29 18:25:45 master slapd: <= check a_authz.sai_ssf: ACL 112 > OP 0
Is it a bug in Samba? Or in the OpenLDAP libraries?
-----BEGIN GEEK CODE BLOCK-----
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z
------END GEEK CODE BLOCK------
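
A log check for the symptom described in the message above, added here as an example and not part of the original post or of Samba/OpenLDAP: it parses slapd ssf ACL-check lines in the format quoted in the message and reports, per host, operations whose ssf is below what the ACL requires. The function names and the third sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two lines quoted in the post, plus one
# constructed unrelated slapd line to show that non-matching lines are skipped.
SAMPLE_LOG = """\
Sep 29 18:25:43 slave slapd: <= check a_authz.sai_ssf: ACL 112 > OP 168
Sep 29 18:25:45 master slapd: <= check a_authz.sai_ssf: ACL 112 > OP 0
Sep 29 18:25:45 master slapd: conn=12 op=1 RESULT tag=103 err=50 text=
"""

# syslog prefix (timestamp, host, "slapd" with optional [pid]) followed by
# the ssf check line exactly as it appears in the post.
SSF_CHECK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+slapd(?:\[\d+\])?:\s+"
    r"<= check a_authz\.sai_ssf: ACL (?P<acl>\d+) > OP (?P<op>\d+)\s*$"
)


def parse_ssf_checks(text):
    """Yield one dict per ssf ACL-check line found in the log text."""
    for line in text.splitlines():
        m = SSF_CHECK.match(line)
        if m:
            yield {"ts": m["ts"], "host": m["host"],
                   "acl": int(m["acl"]), "op": int(m["op"])}


def weak_operations(text):
    """Checks where the operation's ssf is below the ssf the ACL requires."""
    return [c for c in parse_ssf_checks(text) if c["op"] < c["acl"]]


def summarize(text):
    """Per host: (checks seen, checks below the required ssf, lowest OP ssf)."""
    stats = {}
    for c in parse_ssf_checks(text):
        seen, weak, lowest = stats.get(c["host"], (0, 0, None))
        lowest = c["op"] if lowest is None else min(lowest, c["op"])
        stats[c["host"]] = (seen + 1, weak + (c["op"] < c["acl"]), lowest)
    return stats


if __name__ == "__main__":
    for c in weak_operations(SAMPLE_LOG):
        print(f'{c["ts"]} {c["host"]}: OP ssf {c["op"]} < required {c["acl"]}')
    print(summarize(SAMPLE_LOG))
```

An OP ssf of 0 on the referral target, as on the master here, means the operation arrived with no TLS or SASL security layer at all.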