[Samba] samba (3.0.20) doesn't use TLS for LDAP referrals
José M. Fandiño
samba at fadesa.es
Fri Sep 30 12:18:11 GMT 2005
Jay Fenlason wrote:
> > I can see _four_ unencrypted tries to the master directory server and
> > a network trace confirms that samba doesn't use TLS with referrals.
> >
> > first contact with the slave directory:
> > Sep 29 18:25:43 slave slapd[30977]: <= check a_authz.sai_ssf: ACL 112 > OP 168
> >
> > fwe seconds later the referral is followed:
> > Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0
> >
> > is it a bug in samba? or in the OpenLDAP libraries?
>
> Could be the OpenLDAP libraries. What version of them are you using?
OpenLDAP 2.2.28 (it's the last version of the 2.2.x series)
> It sounds suspiciously like
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161991
> which is the OpenLDAP part of
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
Jay,
you are right, I'm hitting this bug[1]. I' will post the question in
the OpenLDAP ML.
Thank you.
[1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z
------END GEEK CODE BLOCK------
More information about the samba
mailing list