start_tls is actually port 389
ldap on port 689 was older method via ssl
I generally leave the ldap ssl = no
and use
passdb backend = ldapsam:"ldaps://fqdn_of_ldap_server/"
ldap server = #not applicable to samba 3
Craig
On Mon, 2004-02-02 at 04:39, Martin Ritchie wrote:
> It is my understanding that a secure ldap connection should only send
> encrypted data yet my configuration is sending plaintext
>
> The following strace output from a smbpasswd results in the following:
>
> connect(4, {sin_family=AF_INET, sin_port=htons(636),
> sin_addr=inet_addr("<ldap server>")}, 16) = -1 EINPROGRESS (Operation
> now in progress)
> ...snip...
> write(4, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
> write(1, "failed to bind to server with dn"..., 104failed to bind to
> server with dn= cn=Manager,dc=kelvininstitute,dc=com Error: Can't
> contact LDAP server
> ) = 104
> ..snip...
> write(4, "0\5\2\1\2B\0", 7) = -1 EPIPE (Broken pipe)
> --- SIGPIPE (Broken pipe) ---
> +++ killed by SIGPIPE +++
>
>
> A connection to the server is started on the correct port but then the
> dn is sent in the clear and the server kill the connection.
>
> The ldap section from testparm -v yields
>
> ldap server = <ldap server>
> ldap port = 636
> ldap suffix = dc=kelvininstitute,dc=com
> ldap machine suffix = ou = Computers
> ldap user suffix = ou = People
> ldap group suffix = ou = Group
> ldap idmap suffix =
> ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> ldap admin dn = "cn=Manager,dc=kelvininstitute,dc=com"
> ldap ssl = Yes
> ldap passwd sync = Yes
> ldap delete dn = No
>
> any thoughts?
>
> Cheers
>
> --
> Martin Ritchie
>
> the Kelvin Institute
> 50, George Street
> Glasgow
> Scotland, UK
> G1 1QE
>
> www.kelvininstitute.com
> +44 (0) 141 548 5719
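The strace in Martin's message shows more than "the dn is sent in the clear". fd 4 is the socket that was just connected to port 636, and the 57-byte write is its very first write, so no TLS handshake preceded it; the bytes "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin" are a BER-encoded LDAPMessage (SEQUENCE, messageID 1, [APPLICATION 0] BindRequest of 50 bytes, version 3, 36-byte name). With a 36-byte DN, the remaining 9 bytes of the BindRequest can only be a simple-authentication [0] octet string carrying a 7-byte password, in cleartext. A server listening for LDAPS on 636 expects a TLS record (first byte 0x16), sees a BER SEQUENCE (0x30) instead and drops the connection, which is the EPIPE/SIGPIPE at the end. The following decoder, added here as an example and not part of the thread, takes the two PDUs apart. The strace string is truncated after 32 bytes, so the DN is completed from the testparm output and the 7 password bytes are a placeholder ("xxxxxxx") chosen only so the lengths add up to 57.

```python
# Added example (not from the thread): decode the two LDAP PDUs shown in the strace
# above to see what smbpasswd actually sent before the server dropped the connection.
#
# The strace truncates the first write() after 32 bytes. The DN is completed from the
# testparm output ("cn=Manager,dc=kelvininstitute,dc=com" is exactly the 0x24 = 36
# bytes the OCTET STRING header announces); the remaining 7 bytes are a PLACEHOLDER
# password ("xxxxxxx"), chosen only so the lengths add up to the 57 bytes strace reports.

BIND_REQUEST = (
    b"\x30\x37"                                       # "07": SEQUENCE, 55 bytes follow
    b"\x02\x01\x01"                                   # messageID INTEGER 1
    b"\x60\x32"                                       # "`2": [APPLICATION 0] BindRequest, 50 bytes
    b"\x02\x01\x03"                                   # version INTEGER 3
    b"\x04\x24cn=Manager,dc=kelvininstitute,dc=com"   # "\4$": name OCTET STRING, 36 bytes
    b"\x80\x07xxxxxxx"                                # authentication [0] simple: 7 cleartext bytes (placeholder)
)

UNBIND_REQUEST = b"\x30\x05\x02\x01\x02\x42\x00"      # "0\5\2\1\2B\0": messageID 2, UnbindRequest


def read_tlv(buf: bytes, pos: int):
    """Parse one BER TLV at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                 # long form: low bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def decode_ldap_message(pdu: bytes) -> dict:
    """Decode an LDAPMessage (RFC 4511) far enough to show what a bind leaks."""
    tag, body, end = read_tlv(pdu, 0)
    if tag != 0x30 or end != len(pdu):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    msg = {"length": len(pdu), "message_id": int.from_bytes(mid, "big")}
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag == 0x60:                                # BindRequest
        msg["op"] = "BindRequest"
        _, ver, p = read_tlv(op, 0)
        msg["version"] = int.from_bytes(ver, "big")
        _, name, p = read_tlv(op, p)
        msg["bind_dn"] = name.decode("utf-8")
        auth_tag, cred, _ = read_tlv(op, p)
        if auth_tag == 0x80:                          # simple authentication: the password itself
            msg["auth"] = "simple"
            msg["password_len"] = len(cred)
        elif auth_tag == 0xA3:                        # SASL
            msg["auth"] = "sasl"
        else:
            msg["auth"] = f"unknown tag 0x{auth_tag:02x}"
    elif op_tag == 0x42:                              # UnbindRequest (NULL body)
        msg["op"] = "UnbindRequest"
    else:
        msg["op"] = f"op tag 0x{op_tag:02x}"
    return msg


def classify_first_bytes(data: bytes) -> str:
    """What a server on 636 sees first: a TLS handshake record or a raw BER SEQUENCE."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"                        # TLS record: ContentType handshake, version 3.x
    if data[:1] == b"\x30":
        return "cleartext-ldap"                       # LDAPMessage with no TLS around it
    return "unknown"


if __name__ == "__main__":
    for pdu in (BIND_REQUEST, UNBIND_REQUEST):
        print(classify_first_bytes(pdu), decode_ldap_message(pdu))
```

The same decoder works on any `write()` to an LDAP socket captured with strace or on a pcap payload: if `classify_first_bytes` says cleartext-ldap and the BindRequest carries simple authentication, the admin DN and password went over the wire unprotected, whatever `ldap ssl` was set to.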