
Re: Samba 3.0.1 and OpenLDAP 2.2.4 with TLS



Fri, 30.01.2004 at 17.26, Martin Ritchie wrote:

> set up OpenLDAP to authenticate our linux users and exim MTAs. 
> This all works fine with OpenLDAP only providing a ldaps:/// connection 
> on 636.
> 
> However I cannot for the life of me get samba to speak tls to it. I've 
> seen numerous suggestions of simply putting
> 
> ldap ssl = start_tls or
> ldap ssl = on
> 
> in the smb.conf file

In addition to what Dieter wrote, LDAP TLS (normally, it can be changed)
runs on port 389. Connecting to it works with another mechanism than
SSL, but the end result is the same.

If you only have LDAP running on port 636, STARTTLS cannot work.

If you are worried about slapd allowing non-encrypted connections to
port 389, you can reverse this behavior by putting "security tls=1" in
slapd.conf and restarting slapd.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
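
Added example, not part of the original message: a Python sketch of the plain-text StartTLS exchange on port 389 that the reply contrasts with ldaps on 636, building the RFC 4511 extended request and reading the result code from the reply. The helper names, the `probe` function and the two sample replies are constructed for illustration; only short-form BER lengths are handled.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511
RESULT_NAMES = {0: "success", 2: "protocolError", 13: "confidentialityRequired"}

# Constructed sample replies (not captured from a real server):
SAMPLE_STARTTLS_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_BIND_REFUSED = bytes.fromhex("300c02010161070a010d04000400")

def tlv(tag, body):
    """BER tag-length-value, short-form length only (body under 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(body)]) + body

def build_starttls_request(msg_id=1):
    """LDAPMessage carrying ExtendedRequest [APPLICATION 23] with the StartTLS OID."""
    if not 0 < msg_id < 128:
        raise ValueError("msg_id must fit one positive byte")
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def parse_result_code(data):
    """Return (protocolOp tag, resultCode) from a short-form LDAP response."""
    if len(data) < 2 or data[0] != 0x30 or data[1] >= 0x80 or len(data) < 2 + data[1]:
        raise ValueError("not a plain-text LDAPMessage (TLS record or truncated?)")
    body = data[2:2 + data[1]]
    if len(body) < 2 or body[0] != 0x02:
        raise ValueError("missing messageID")
    op = body[2 + body[1]:]  # skip the messageID INTEGER
    if len(op) < 5 or op[2] != 0x0A or op[3] != 1:
        raise ValueError("missing resultCode")
    return op[0], op[4]

def probe(host, port=389, timeout=5):
    """Ask for StartTLS in clear on the LDAP port, then upgrade the same socket."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        tag, code = parse_result_code(sock.recv(4096))
        if tag != 0x78 or code != 0:  # 0x78 = ExtendedResponse [APPLICATION 24]
            return "StartTLS refused: " + RESULT_NAMES.get(code, str(code))
        ctx = ssl.create_default_context()  # verifies the server certificate
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "StartTLS ok, negotiated " + tls.version()

if __name__ == "__main__":
    print(build_starttls_request().hex())
    print(parse_result_code(SAMPLE_STARTTLS_OK), parse_result_code(SAMPLE_BIND_REFUSED))
```

An ldaps listener on 636 expects a TLS handshake as the first bytes, so this plain-text request only applies to the port 389 listener; result code 13 is the RFC 4511 code a server uses to refuse an operation that requires an encrypted session.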