[Samba] samba (3.0.20) doesn't use TLS for LDAP referrals

José M. Fandiño samba at fadesa.es
Thu Sep 29 17:48:49 GMT 2005


 Now I'm trying to move the LDAP backend from the master OpenLDAP
server to a slave one. The ACL rules for all directories require
a "ssf = 112" (Security Strength Factor) just to be sure that all 
connections are properly encrypted. Also the slave directory has a 
referral directive pointing to the master directory.

Samba works perfectly with the slave directory except when a write
operation is done, then it gets a referral and this time the modification
is tried with the master but with an unencrypted connection.

I can see _four_ unencrypted tries to the master directory server and
a network trace confirms that samba doesn't use TLS with referrals.

First contact with the slave directory:
Sep 29 18:25:43 slave slapd[30977]: <= check a_authz.sai_ssf: ACL 112 > OP 168

A few seconds later the referral is followed:
Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0

Is it a bug in samba? Or in the OpenLDAP libraries?

Thank you.
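
Added example, not part of the original post and not Samba or OpenLDAP code: a small Python check that scans slapd syslog output for the sai_ssf ACL lines quoted above and reports operations that reached a server below the required strength, which is how a chased referral without TLS shows up on the master. It assumes the line format shown in the post and reads the number after "ACL" as the required SSF and the number after "OP" as the SSF of the operation; the function names and the extra sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Line shape taken from the slapd log lines quoted in the post.
SSF_CHECK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sslapd\[(?P<pid>\d+)\]:\s"
    r"<= check a_authz\.sai_ssf: ACL (?P<acl>\d+) > OP (?P<op>\d+)\s*$"
)

# First and third lines are from the post; the other two are constructed.
SAMPLE_LOG = [
    "Sep 29 18:25:43 slave slapd[30977]: <= check a_authz.sai_ssf: ACL 112 > OP 168",
    "Sep 29 18:25:44 slave slapd[30977]: conn=12 op=3 RESULT tag=103 err=10 text=",
    "Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0",
    "Sep 29 18:25:46 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0",
]


def weak_ssf_events(lines):
    """Return the ACL checks where the operation's SSF is below the ACL's SSF."""
    events = []
    for line in lines:
        m = SSF_CHECK.match(line.strip())
        if m is None:
            continue  # not an sai_ssf check line
        required, actual = int(m["acl"]), int(m["op"])
        if actual < required:
            events.append({"ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                           "required": required, "actual": actual})
    return events


def cleartext_hosts(events):
    """Count, per server, the checks that arrived with no protection (SSF 0)."""
    return dict(Counter(e["host"] for e in events if e["actual"] == 0))


if __name__ == "__main__":
    for e in weak_ssf_events(SAMPLE_LOG):
        print(f'{e["ts"]} {e["host"]}: SSF {e["actual"]} < required {e["required"]}')
    print(cleartext_hosts(weak_ssf_events(SAMPLE_LOG)))
```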
