[Samba] ldaps:// referrals from DC
Davide Principi
davide.principi at nethesis.it
Tue Dec 20 13:46:50 UTC 2016
I'm not an LDAP expert and I need an help to understand the following
situation.
I'm configuring a web LDAP addressbook (roundcube) against a Samba 4.4
DC to use simple binds over ldaps://.
My troubles with Samba 4 DC start when the server response contains a
referral with ldap:// URI scheme. The client fails without messages to
error logs.
This does not happen against a Windows Server 2012 implementation, that
answers with ldaps:// URI scheme.
As workaround I could configure STARTTLS and bind over ldap:// scheme,
or disable referrals on the client side ...but a question remain: is
the Samba DC response "correct"? I'd expect both AD implementations do
the same.
This is an ldapsearch command output against Samba DC:
ldapsearch -D 'davidep at neth.eu' -w '*****' -H ldaps://neth.eu -b dc=neth,dc=eu '(objectClass=user)'
...
# search reference
ref: ldap://neth.eu/CN=Configuration,DC=neth,DC=eu
# search reference
ref: ldap://neth.eu/DC=DomainDnsZones,DC=neth,DC=eu
# search reference
ref: ldap://neth.eu/DC=ForestDnsZones,DC=neth,DC=eu
And this is against MS DC:
ldapsearch -D 'davidep at adnethesis.it' -w '******' -H ldaps://192.168.*.* -b dc=adnethesis,dc=it '(objectClass=user)'
...
# search reference
ref: ldaps://ForestDnsZones.adnethesis.it/DC=ForestDnsZones,DC=adnethesis,DC=i
t
# search reference
ref: ldaps://DomainDnsZones.adnethesis.it/DC=DomainDnsZones,DC=adnethesis,DC=i
t
# search reference
ref: ldaps://adnethesis.it/CN=Configuration,DC=adnethesis,DC=it
--
Davide Principi
#davidep | @davideprincipi
More information about the samba
mailing list