On Tue, Feb 18, 2003 at 01:42:51AM +0100, Michael Ott wrote:
> starting ldap using slapd -d1 -h "ldaps://0.0.0.0/"
>
> Why does not it work?
> using ldap ssl = no working
>
> thanx
>
> Here my smb.conf:
> ldap server = localhost
> #ldap port = 389
> ldap port = 636
> ldap suffix = o=zolnott,dc=de
> ldap admin dn = uid=ldaproot,o=zolnott,dc=de
> ldap filter = (&(uid=%u)(objectclass=sambaAccount))
> ldap ssl = start_tls

As I recall, StartTLS is a method for negotiating SSL after the connection has been opened. It opens a cleartext connection to the non-SSL port and then requests a switch to an encrypted connection. This is only available with LDAPv3-compliant servers. I think OpenLDAP 2.0 supports it but has some problems, while OpenLDAP 2.1 has better support for it.

I think you'd need "ldap port = 636" with "ldap ssl = on", or "ldap port = 389" with "ldap ssl = start_tls".

--
Michael Heironimus
