[Samba] TLS and ldap referals

Andrew Bartlett abartlet at samba.org
Thu Jun 14 08:17:38 GMT 2007

On Wed, 2007-06-06 at 22:40 +0200, Thierry Lacoste wrote:
> I have a samba PDC with a master openldap server
> and a samba BDC with a slave openldap server.
> Replication is done with slurpd with a TLS connection
> and the slave ldap server has an updateref pointing
> to the master (I don't use ldaps).
> On each domain controller my smb.conf contains:
> passdb backend = ldapsam:ldap://localhost
> Now I'd like my ldap servers to reject non TLS connections
> except on the loopback interface (to avoid unnecessary
> encryption).
> Is it possible to configure my BDC so that TLS is used when
> chasing the referal but connections to its passdb backend
> are not encrypted?

Perhaps if the referrals were given as an LDAPS URL in the server?  In
terms of localhost allowing cleartext, perhaps use ldapi://, which is by
definition local only.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070614/f74bf9b3/attachment.bin

More information about the samba mailing list