Jeff Mandel wrote:

> Does samba support tls only?
>
> I am trying to get the 2.2.5 version of samba to work with ldap and
> ssl/tls on solaris 8 with iPlanet's Directory 5.x.
> I can successfully compile and run nss_ldap and pam_ldap over ssl, but
> those are compiled against the mozilla ldapsdk.
>
> It seems that the samba code only supports TLS, and the mozilla sdk only
> supports ssl. Please correct me if I'm wrong here.

We have been using LDAP with TLS and PAM support with OpenLDAP for months,
but the /etc/ldap.conf is a bit tricky:

----
base o=smb,dc=unav,dc=es
ldap_version 3

# The port.
# Optional: default is 389.
#port 636
port 636

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on
----

... and the slapd.conf *must* use the ldap port for start tls (389, for
example), not the secure port (636), as the RFC says:

----
[global]
ldap suffix = "o=smb, dc=unav, dc=es"
ldap server = <your_server>
ldap port = 389
ldap admin dn = <your rootdn: cn=root, etc...>
ldap ssl = start tls
----

A bit more here:
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf.tls

regards,
Ignacio

--
____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: [EMAIL PROTECTED]
CTI, Director              fax: 948 425619
University of Navarra      voice: 948 425600
Pamplona, SPAIN            http://www.unav.es/cti/
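
Added example (not part of the message above, and not Samba or nss_ldap code): a small lint for the port/ssl pairing the reply describes, where StartTLS goes over the normal LDAP port (389) and LDAPS over 636. The function names and sample configs are constructed for illustration; treating the last `port` line as the effective one is an assumption.

```python
LDAP_PORT, LDAPS_PORT = 389, 636  # conventional ports, as stated in the post

def parse_directives(text):
    """Collect 'key value' lines from an nss_ldap-style ldap.conf, skipping
    comments. Every occurrence of a key is kept, in file order."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(value)
    return found

def check_transport(text):
    """Return findings about the port / ssl combination (empty list = OK)."""
    d = parse_directives(text)
    ssl_values, ports = d.get("ssl", []), d.get("port", [])
    findings = []
    if len(set(ssl_values)) > 1:
        findings.append("conflicting ssl directives: " + ", ".join(ssl_values))
    if not ssl_values or set(ssl_values) <= {"off"}:
        findings.append("no transport encryption configured")
    port = LDAP_PORT  # documented default when no port line is present
    if ports:  # assumption: the last port line is the effective one
        if not ports[-1].isdigit():
            return findings + ["port is not numeric: " + ports[-1]]
        port = int(ports[-1])
    if "start_tls" in ssl_values and port == LDAPS_PORT:
        findings.append("start_tls on 636: StartTLS upgrades plain LDAP, use 389")
    if "on" in ssl_values and port == LDAP_PORT:
        findings.append("ssl on (LDAPS) on 389: LDAPS normally listens on 636")
    return findings

# Constructed sample configurations (not taken from a real host).
STARTTLS_OK = "base o=example\nport 389\nssl start_tls\n"
LDAPS_OK = "base o=example\nport 636\nssl on\n"
MIXED = "base o=example\n#port 389\nport 636\nssl start_tls\nssl on\n"

if __name__ == "__main__":
    for name, conf in [("starttls", STARTTLS_OK), ("ldaps", LDAPS_OK), ("mixed", MIXED)]:
        print(name, check_transport(conf) or "ok")
```
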