TLS deferred; searching is ok; some new questions

[Oliver Hoffmann <oliver.hoffmann@uw-service.de>]

Hi all!

> there's no "uid" attribute in the entries listed above;
> either you didn't provide any value to "uid" at all, or
> "uid" is read (and appaerntly search) protected by ACLs.
>
> This has really nothing to do with TLS; fix or clarify
> this before going any further.

Ok, now I see it. It was another confusion I had.

ldapsearch -x -H "ldap://192.168.1.22:389"; mail=jim*
# extended LDIF
#
# LDAPv3
# base <dc=testldap,dc=org> with scope sub
# filter: mail=jim*
# requesting: ALL
#

# Jim Two, users, testldap.org
dn: cn=Jim Two,ou=users,dc=testldap,dc=org
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jim Two
displayName: Jim
homePostalAddress: at work
mail: jim.two@mailme.com
postalCode: 54356
telephoneNumber: 5245-65354
sn: Two

# search result
search: 2
result: 0 Success

gq still can't search, but it is probably too buggy.

All right, coming back to the stuff I pristinely wanted to know. Do I need 
encryption at all when I authenticate Windows-users via openldap against a 
samba server? How does this process (briefly) work? Do I need to have a 
PDC-functionality?
The main goal is a centralized user management for samba. Does somebody here 
has already experiences with such things and could encourage me to use ldap 
or even not?

Thank you for guidance in this ldap-jungle! 

Cheers,
Oliver.