Hello All-
I'm having a strange issue where, for whatever reason, LAM cannot verify
the certificate I'm using for TLS on my Samba4 AD server. I have my own CA
as well as a server cert.
If I do the following, openssl happily validates the cert:
    openssl s_client -connect dc:389 -starttls ldap -showcerts
If I write a Python script using the python-ldap library, that python-ldap
library can initiate a TLS connection and retrieve user attributes without
a problem.
If I write a simple PHP script that only connects to the Samba server and
initiates TLS, I can get that PHP script to work (and initiate TLS) by
either setting an option in /etc/openldap/ldap.conf, OR setting the
LDAP_OPT_X_TLS_NEVER option for LDAP_OPT_X_TLS_REQUIRE_CERT on the ldap
connection, OR putenv('LDAPTLS_REQCERT=never'). But if I try any (or all)
of these three options, it does NOT affect LAM. (I tried putting the code
right before LAM starts TLS in the accounts.inc file.) I am running this PHP
test script as well as LAM from php-fpm under nginx.
Thanks!
-JK
_______________________________________________
Lam-public mailing list
https://lists.sourceforge.net/lists/listinfo/lam-public