HP CIFS Server 3.0a Administrator's Guide version A.02.01

LDAP Integration Support
Enabling Secure Sockets Layer (SSL)
subsection of the “Installing LDAP-UX Client Services” chapter in
LDAP-UX Client Services B.03.20 Administrator’s Guide at
http://docs.hp.com.
If LDAP-UX Client Services has already been set up, modify the
authenticationMethod and preferredServerList attributes in the
/etc/opt/ldapux/ldapux_profile file as follows:
Modify the authenticationMethod attribute to add the transport
layer security authentication method, tls:, in front of the original
authentication method, simple.
For example, without SSL enabled, the original
authenticationMethod entry is authenticationMethod: simple.
With SSL enabled, the authenticationMethod entry will be
authenticationMethod: tls:simple.
Modify the preferredServerList attribute to change the regular
LDAP port number, 389, to the SSL port number, 636.
For example, without SSL enabled, the original
preferredServerList entry is preferredServerList:
15.13.111.200:389. With SSL enabled, the preferredServerList
entry will be preferredServerList: 15.13.111.200:636.
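
The two profile changes above can be checked with a short script. This is an added example, not part of the HP guide: the function name check_ldapux_ssl is hypothetical, the profile is assumed to hold "attribute: value" lines as shown above, and a space-separated preferredServerList naming several servers is an assumption.

```shell
#!/bin/sh
# Added example (not from the HP guide): audit an LDAP-UX profile for the
# two SSL settings described above. Function name is hypothetical.

# check_ldapux_ssl FILE
# Prints one finding per problem. Returns 0 when both settings enable SSL,
# 1 when any finding is reported, 2 when the file cannot be read.
check_ldapux_ssl() {
    profile=$1
    rc=0
    [ -r "$profile" ] || { echo "cannot read $profile"; return 2; }

    # authenticationMethod must carry the tls: prefix, e.g. tls:simple.
    auth=$(sed -n 's/^authenticationMethod:[[:space:]]*//p' "$profile" | head -n 1)
    case $auth in
        tls:*) ;;
        '') echo "authenticationMethod: missing"; rc=1 ;;
        *)  echo "authenticationMethod: '$auth' lacks tls: prefix"; rc=1 ;;
    esac

    # Every server in preferredServerList must name the SSL port, 636.
    # An entry with no port, or with the regular LDAP port 389, is flagged.
    servers=$(sed -n 's/^preferredServerList:[[:space:]]*//p' "$profile" | head -n 1)
    [ -n "$servers" ] || { echo "preferredServerList: missing"; rc=1; }
    for s in $servers; do
        case $s in
            *:636) ;;
            *) echo "preferredServerList: $s is not on port 636"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the guide's "without SSL" values, which must be flagged.
sample="${TMPDIR:-/tmp}/ldapux_sample.$$"
printf '%s\n' 'authenticationMethod: simple' \
              'preferredServerList: 15.13.111.200:389' > "$sample"
check_ldapux_ssl "$sample" || echo "SSL is not fully enabled in $sample"
rm -f "$sample"
```
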
Configuring HP CIFS Server to enable SSL
For HP CIFS Server A.02.* versions, set passdb backend =
ldapsam:ldaps://<fully qualified name of NDS server> in
smb.conf to enable SSL support. If you choose to use the A.01.* versions
of the backward-compatible LDAP account backend, set passdb backend
= ldapsam_compat://ldaps:<ldap server name>, ldap ssl = yes
and ldap port = 636 in smb.conf to enable SSL.
For detailed information on how to enable SSL on the HP CIFS Server,
see “LDAP Configuration Parameters” on page 141.