Hello,

Now I'm trying to move the LDAP backend from the master OpenLDAP server to a slave one. The ACL rules for all directories require a "ssf = 112" (Security Strength Factor) just to be sure that all connections are properly encrypted. Also, the slave directory has a referral directive pointing to the master directory.

Samba works perfectly with the slave directory except when a write operation is done; then it gets a referral, and this time the modification is tried with the master but with an unencrypted connection. I can see _four_ unencrypted tries to the master directory server, and a network trace confirms that Samba doesn't use TLS with referrals.

First contact with the slave directory:

    Sep 29 18:25:43 slave slapd[30977]: <= check a_authz.sai_ssf: ACL 112 > OP 168

A few seconds later the referral is followed:

    Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0

Is it a bug in Samba? Or in the OpenLDAP libraries?

Thank you.
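
Added example (not part of the original post, and not Samba or OpenLDAP code): a small Python check that reads slapd ACL debug lines like the two quoted above and reports, per server, the operations whose SSF is below the SSF the ACL requires. The function name and all sample lines other than the two taken from the post are constructed.

```python
import re
from collections import defaultdict

# Matches slapd ACL-debug lines as they appear in the post, e.g.
#   Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0
SSF_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sslapd\[(?P<pid>\d+)\]:\s"
    r"<= check a_authz\.sai_ssf: ACL (?P<acl>\d+) > OP (?P<op>\d+)\s*$"
)

def weak_ssf_operations(lines):
    """Return {host: [(timestamp, required_ssf, op_ssf), ...]} for every
    operation whose SSF is lower than the SSF the ACL requires.

    The '>' in the log text is fixed wording, not a verdict: the post's
    first line reads 'ACL 112 > OP 168' for an encrypted connection, so the
    two numbers have to be compared here.
    """
    findings = defaultdict(list)
    for line in lines:
        m = SSF_LINE.match(line.strip())
        if not m:
            continue  # not an SSF check line
        required, actual = int(m["acl"]), int(m["op"])
        if actual < required:
            findings[m["host"]].append((m["ts"], required, actual))
    return dict(findings)

# First two lines are quoted from the post; the rest are constructed.
SAMPLE_LOG = [
    "Sep 29 18:25:43 slave slapd[30977]: <= check a_authz.sai_ssf: ACL 112 > OP 168",
    "Sep 29 18:25:45 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0",
    "Sep 29 18:25:45 master slapd[6738]: conn=12 fd=14 ACCEPT from IP=192.0.2.10:40112",
    "Sep 29 18:25:46 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 0",
    "Sep  3 07:01:02 master slapd[6738]: <= check a_authz.sai_ssf: ACL 112 > OP 112",
]

if __name__ == "__main__":
    for host, hits in weak_ssf_operations(SAMPLE_LOG).items():
        for ts, required, actual in hits:
            note = "cleartext" if actual == 0 else "weaker than required"
            print(f"{ts} {host}: SSF {actual} < {required} ({note})")
```

Run against the master's log while reproducing a write through the slave, any hit with OP 0 marks a referral chase that arrived without TLS.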
