On Wed, 2007-06-06 at 22:40 +0200, Thierry Lacoste wrote:
> I have a samba PDC with a master openldap server
> and a samba BDC with a slave openldap server.
> Replication is done with slurpd with a TLS connection
> and the slave ldap server has an updateref pointing
> to the master (I don't use ldaps).
>
> On each domain controller my smb.conf contains:
> passdb backend = ldapsam:ldap://localhost
>
> Now I'd like my ldap servers to reject non TLS connections
> except on the loopback interface (to avoid unnecessary
> encryption).
>
> Is it possible to configure my BDC so that TLS is used when
> chasing the referral but connections to its passdb backend
> are not encrypted?

Perhaps if the referrals were given as an LDAPS URL in the server?

In terms of localhost allowing cleartext, perhaps use ldapi://, which is
by definition local only.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
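
Added example, not part of the original messages: one way the two suggestions above could be combined on the BDC, assuming slapd was built with the ldapi listener. The host name pdc.example.com and the socket path /var/run/ldapi are placeholders.

```conf
# --- slapd.conf on the BDC (slave); host name and socket path are placeholders ---
# Start slapd with both listeners, e.g.: slapd -h "ldap:/// ldapi:///"

# Reject operations on connections weaker than 128 bits; plain ldap://
# clients must issue StartTLS first.
security ssf=128

# Treat the local ldapi:// socket as meeting that requirement (default is 71).
localSSF 128

# Hand writes to the master through an LDAPS referral so the client chasing
# it is forced onto TLS (the master must also listen on ldaps://).
updateref ldaps://pdc.example.com

# --- smb.conf on the same host ---
# Socket path is URL-encoded; it varies by build (assumed /var/run/ldapi here).
passdb backend = ldapsam:ldapi://%2Fvar%2Frun%2Fldapi
```

Access to the ldapi socket is then governed by the file permissions on the socket path, so those should be restricted to the accounts that need the directory.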