* On 03-10-10, Jamrock wrote: > I have been reading up on SSL and LDAP. > > I have read how to create the CA and how to sign certificates. > > When using Outlook Express, LDAP and SSL, we need to import the certificate > so that Outlook Express can verify the authenticity of the LDAP server. > > What does my Samba setup need to allow the Windows workstation to contact > the LDAP server over SSL?
Well, as far as Samba is concerned, it isn't required for your Windows workstation to contact the LDAP server. Things like OE can just connect their Address Books directly to the LDAP directory. They just need to supply adequate directory credentials. One thing that should be noted about encryption is that Windows doesn't support StartTLS, but does support LDAPS. Where it makes sense to start talking about Samba+LDAP is in three areas (okay, there's probably more, but these are the most common): * LDAP stores SAMBA's authentication info (SAMBA is a DC of some sort, and Windows machines connect to it). So LDAP would store usernames, LM/NT passwords, etc. You'd use the sambaAccount schema in this case. * LDAP stores SAMBA printer information (SAMBA provides printer shares and LDAP stores that printer info). * LDAP provides a gateway between SAMBA and some Windows-based domain. (Here, LDAP would integrate with AD or something. AFAIK, this is increasingly redundant now that SAMBA 3.0 is out). Again, there's more situations, but these seem to be the most common (at least, these are the ones most of my students are interested in). Which brings me to my shameless plug, if you're in the Tucson, AZ area I do technically teach a class on all this (contact me off list ;-) -- Sam Hart University/Work addr. <[EMAIL PROTECTED]> Personal addr. <[EMAIL PROTECTED]> Alternative <[EMAIL PROTECTED]> end -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba