1
<samba:parameter name="ldap ssl"
4
advanced="1" developer="1"
5
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
7
<para>This option is used to define whether or not Samba should
8
use SSL when connecting to the ldap server
9
This is <emphasis>NOT</emphasis> related to
10
Samba's previous SSL support which was enabled by specifying the
11
<command moreinfo="none">--with-ssl</command> option to the
12
<filename moreinfo="none">configure</filename>
15
<para>LDAP connections should be secured where possible. This may be
16
done setting <emphasis>either</emphasis> this parameter to
17
<parameter moreinfo="none">Start_tls</parameter>
18
<emphasis>or</emphasis> by specifying <parameter moreinfo="none">ldaps://</parameter> in
19
the URL argument of <smbconfoption name="passdb backend"/>.</para>
21
<para>The <smbconfoption name="ldap ssl"/> can be set to one of
25
<para><parameter moreinfo="none">Off</parameter> = Never
26
use SSL when querying the directory.</para>
30
<para><parameter moreinfo="none">start tls</parameter> = Use
31
the LDAPv3 StartTLS extended operation (RFC2830) for
32
communicating with the directory server.</para>
36
Please note that this parameter does only affect <emphasis>rpc</emphasis>
37
methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
38
<emphasis>ads</emphasis>, set
39
<smbconfoption name="ldap ssl">yes</smbconfoption>
40
<emphasis>and</emphasis>
41
<smbconfoption name="ldap ssl ads">yes</smbconfoption>.
42
See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
43
for more information on <smbconfoption name="ldap ssl ads"/>.
47
<value type="default">start tls</value>