On 12/17/05, Graham Leggett <minfrin@sharp.fm> wrote:
> When configuring Samba against an LDAP server, it is possible to
> configure an SSL connection by using "ldap ssl = on" in the
> smb.conf file.
>
> Is there a way of telling Samba's LDAP code to ensure that the
> certificate presented by the LDAP server is signed by a specific CA?

I am not certain, but OpenLDAP uses the TLS_CACERT and TLS_CACERTDIR
options in ldap.conf. See ldap.conf(5) for details on these settings.
The location of ldap.conf is a compile time option, but it is usually
under PREFIX/etc/openldap/ldap.conf or PREFIX/etc/ldap/ldap.conf. You
could also try 'strings `which ldapsearch` | grep ldap.conf'
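
A check for the ldap.conf settings named in the reply above, as an added example that is not part of the original message. The function name `audit_ldap_conf` is hypothetical, `TLS_REQCERT` is a further ldap.conf(5) option not mentioned in the thread, and the check assumes the LDAP library Samba was built against reads the file being audited.

```shell
#!/bin/sh
# Added example: audit one ldap.conf for CA verification of the LDAP server
# certificate. Prints a one-word verdict; returns 0 only when it is enforced.
audit_ldap_conf() {
    conf=$1
    cacert='' cacertdir='' reqcert='demand'   # demand is the ldap.conf(5) default
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    while read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac      # skip blanks and comments
        # Option names are case-insensitive in ldap.conf
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $key in
            TLS_CACERT)    cacert=$value ;;
            TLS_CACERTDIR) cacertdir=$value ;;
            TLS_REQCERT)   reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
        esac
    done < "$conf"
    # never/allow accept an unverifiable certificate; try still rejects a bad
    # certificate but tolerates a missing one, so only demand/hard count here.
    case $reqcert in
        demand|hard) ;;
        *) echo "weak-reqcert:$reqcert"; return 1 ;;
    esac
    # A CA setting only helps if the file or directory actually exists.
    if [ -n "$cacert" ] && [ -r "$cacert" ]; then echo "enforced"; return 0; fi
    if [ -n "$cacertdir" ] && [ -d "$cacertdir" ]; then echo "enforced"; return 0; fi
    echo "no-ca"
    return 1
}

# Constructed sample: a config that names a CA but turns verification off.
demo=$(mktemp -d)
: > "$demo/ca.pem"    # empty placeholder standing in for the CA certificate
printf 'TLS_CACERT %s\ntls_reqcert never\n' "$demo/ca.pem" > "$demo/ldap.conf"
audit_ldap_conf "$demo/ldap.conf" || true    # prints weak-reqcert:never
rm -rf "$demo"
```

Run it against each candidate path, such as the ones listed in the reply, since the file the library reads is fixed at compile time.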