search for: tls_cipher_suite

Hi, Thank you for your feedback, Andrew. Since Samba is not the only application making use of the TLS_CIPHER_SUITE negotiation rules in ldap.conf, I would like to ensure that all of them still use the highest encryption possible. Currently I had to remove "TLS_CIPHER_SUITE" as a workarrou d in order to let Samba work wirh LDAP in TLS mode. Does anyone have a suggestion how I can apply TLS_CIPHER_SUITE...

What would be a working TLS_CIPHER_SUITE in ldap.conf for Samba 4. I'm asking, cause I had to remove TLS_CIPHER_SUITE TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!MD5:!3DES:@STRENGTH from my ldap.conf for samba to work. This wasn't documented anywhere. I think this should be mentoined in the wiki as well as in the man smb.conf under tls.

Hi! Running Dovecot 2.2.36 and authenticating against an OpenLDAP 2.4.45 server. Now since some update of dovecot it will not be able to authenticate your logins after a restart of the LDAP service is restarted without a reboot of the dovecot server. Anything new here that I should be aware of? Best Regards Dag

...v.hm:389/ dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net dnpass = 1qaz2wsx #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = # Use TLS to connect to the LDAP server. tls = yes #tls = no tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt tls_ca_cert_dir = /etc/ssl/certs/ca #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls_cert_file = /etc/ssl/certs/mail.crt #tls_key_file = /etc/ssl/private/mail.key # Valid values: never, hard, demand, allow, try #tls_require_cert = never See some suggestions! Great thanks! muyuan

...tps</name> <protocol>HTTPS</protocol> <port>8443</port> <user>source</user> <hostname>radio.horsens-garage.rocks</hostname> <password>xxx</password> <tls>required</tls> <tls_cipher_suite>HIGH:!RSA:!SHA:!DH:!aNULL:!eNULL:!TLSv1</tls_cipher_s uite> <ca_dir>/etc/ssl/certs</ca_dir> <client_cert>/etc/icecast2/bundle.pem</client_cert> </server> <server> <name>stream_http</name> <protocol>HTTP&...

Hi Team, I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine. Issue comes only with LDAP users. *Anushka Bandara* Research Engineer Lanka Software

...Timo Sirainen <tss at iki.fi> date: Mon Mar 16 23:17:39 2015 +0200 files: src/auth/db-ldap.c description: auth ldap: If any tls_* settings are given when they're not supported, fail with fatal instead of just warning. These may be important for intended security, especially tls_cipher_suite. We shouldn't allow setting them and then somewhat silently just ignore them. .... - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVYlMtnz1H7kL/d9rAQJA1gf9FQqfLMutqbE1BWYGzg15tLIT9kH7Nfwu bwA16Er3lVehuEk1GnmbsJxlVmcz96Yei7MFUAOcNmjM9x0JqLj/Jp5LiXKlHa0+ ZAzF+ivMi...

...> date: Mon Mar 16 23:17:39 2015 +0200 > files: src/auth/db-ldap.c > description: > auth ldap: If any tls_* settings are given when they're > not supported, fail with fatal instead of just warning. > These may be important for intended security, especially > tls_cipher_suite. > We shouldn't allow setting them and then somewhat silently > just ignore them. > > .... > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBVYlMtnz1H7kL/d9rAQJA1gf9FQqfLMutqbE1BWYGzg15tLIT9kH7Nfwu > > bwA16Er3lVehuEk1G...

...in user. Normally you want to keep this empty. #sasl_authz_id = # Use TLS to connect to the LDAP server. tls = yes # TLS options, currently supported only with OpenLDAP: #tls_ca_cert_file =/etc/ssl/certs/ldap.crt tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem #tls_ca_cert_dir =/etc/ssl/certs/ #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls_cert_file = /etc/ssl/certs/ldap01_slapd_cert.pem #tls_key_file = /etc/ssl/private/ldap01_slapd_key.pem # Valid values: never, hard, demand, allow, try #tls_require_cert = demand # Use the given ldaprc path. #ldaprc_pa...

...t;, but the # dn is still the logged in user. Normally you want to keep this empty. sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM # Use TLS to connect to the LDAP server. #tls = yes # TLS options, currently supported only with OpenLDAP: tls_ca_cert_file = /etc/ipa/ca.crt #tls_ca_cert_dir = #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls_cert_file = #tls_key_file = # Valid values: never, hard, demand, allow, try tls_require_cert = demand # Use the given ldaprc path. #ldaprc_path = # LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h....

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 22 Jun 2015, lejeczek wrote: > On 22/06/15 09:43, Steffen Kaiser wrote: >> On Mon, 22 Jun 2015, lejeczek wrote: >>> On 22/06/15 09:16, lejeczek wrote: >>>> >>>> to=<me at my.domain>,orig_to=<root at localhost>, relay=dovecot, delay=39296, >>>> delays=39294/2.2/0/0.27,