On Wed, 2007-06-06 at 22:40 +0200, Thierry Lacoste wrote:
> I have a samba PDC with a master openldap server
> and a samba BDC with a slave openldap server.
> Replication is done with slurpd with a TLS connection
> and the slave ldap server has an updateref pointing
> to the master (I don't use ldaps).
>
> On each domain controller my smb.conf contains:
> passdb backend = ldapsam:ldap://localhost
>
> Now I'd like my ldap servers to reject non TLS connections
> except on the loopback interface (to avoid unnecessary
> encryption).
>
> Is it possible to configure my BDC so that TLS is used when
> chasing the referral but connections to its passdb backend
> are not encrypted?
Perhaps if the referrals were given as an LDAPS URL in the server? In
terms of localhost allowing cleartext, perhaps use ldapi://, which is by
definition local only.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
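
The two suggestions in the reply above, sketched as BDC configuration. This is an added example, not part of the original thread or of the Samba or OpenLDAP projects; the host name, socket path and the SSF floor of 71 are assumptions.

```conf
# --- slapd listeners on the BDC (passed with slapd -h) ---
#   slapd -h "ldap:/// ldapi:///"
# ldap:///  : TCP 389; remote clients (e.g. slurpd on the master) use StartTLS
# ldapi:/// : Unix domain socket, reachable only from this host

# --- slapd.conf, global section ---
# Refuse any operation on a session whose overall security strength
# factor (SSF) is below 71. A cleartext TCP session has SSF 0 and is
# rejected; a StartTLS session carries the SSF of its negotiated cipher.
security ssf=71

# SSF credited to ldapi:// sessions. 71 is the documented default; it is
# written out here because it must be >= the floor above, otherwise the
# unencrypted local socket would be rejected as well.
localSSF 71

# Referral returned to clients that attempt a write on this slave.
# master.example.org is a placeholder. An ldaps:// URL requires the master
# to also listen on ldaps:///, which the setup in the question does not do yet.
updateref ldaps://master.example.org

# --- smb.conf, [global] section ---
# Before (from the question): cleartext over the loopback TCP interface
#   passdb backend = ldapsam:ldap://localhost
# After: local Unix socket. The socket path is an assumption and depends on
# how slapd was built; "/" is percent-encoded inside an ldapi URL.
passdb backend = ldapsam:ldapi://%2Fvar%2Frun%2Fldapi

# No StartTLS on the local socket. Assumption: encryption of a chased
# referral then comes from the ldaps:// scheme of the updateref URL, so the
# LDAP client library on the BDC needs the CA certificate configured
# (TLS_CACERT in ldap.conf) to verify the master.
ldap ssl = off
```

After restarting slapd, an anonymous `ldapsearch -x -H ldap://<bdc-address>` without `-ZZ` from another host should be refused, while the same search with `-ZZ` or through the ldapi socket should succeed.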