14.04 and 16.04, at which point we'll update the documentation to not refer to said bug (as the tool should exist again), and hopefully, Samuel, you can retest then.

Hello, I spent almost 3 weeks banging my head making OpenLDAP TLS Samba work. But, on a client machine I didn't, libnss_ldap could not find the CA certificate until I put a 'tls_cacertfile' line in /etc/

Apparently, one way (probably a better way) to do this is to use the 'update-' command and have a hash-based CA certificate file name under /etc/ssl/certs/. The new way of TLS-enabled LDAP is to use the standard 'ldap://' scheme and port 389. But anywhere it refers to 'hdb' in a command or output, it should be replaced with 'mdb', since mdb is the default database slapd uses in the current version. In the ' TLS' section, following the instructions in that order ends up with an error at the 'ldapmodify' command, since at that time slapd does not have read permission on the private key file. The reason libnss_ldap didn't find the CA certificate might be that I didn't follow standard procedures. (Funny thing: on the slapd server machine, it found it without the tls_cacertfile line, but on the client machine it didn't.) I think I have to rewrite 1-5 altogether. I learned that, for a CA certificate file to be automatically found, not only must it reside in a standard folder, but it also has to be named based on its hash value. Nobody can find it unless we tell them where it is, in one way or another.

I think it would be nice to have a brief description of the LDAP URL scheme somewhere before the installation section, since confusing them could end up wasting days like me :( Something like: There are three URL schemes used for LDAP.
OpenLDAP utility clients (ldapsearch, ldapmodify, ...) - 'ldapi://' is to use a UNIX domain socket, typically used in the 'ldapi:///' form to indicate connecting to the default server. This can be used only when you run clients on the same machine slapd is running on.

SAMBA are Samba packages for a variety of Linux distributions provided by SerNet and offered at shop. The subscriptions are managed via OPOSSO at https://oposso.
Thought I might share my experience; it could help someone out there.
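
The hash-naming requirement described in the comment above, as an added example that is not part of the original thread: it builds a throwaway CA in a temporary directory and shows that an OpenSSL directory lookup only finds it once a `<hash>.0` link exists. The CA subject, file names and helper function names are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: why a CA file in a certs directory is only found under its
# hash name. The CA is constructed throwaway data; file names are assumptions.

make_sample_ca() {            # $1 = directory to create the CA in
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$1/ca.key" -out "$1/example-ca.pem" 2>/dev/null
}

# Subject-name hash that OpenSSL's directory lookup expects as the file name.
ca_hash() { openssl x509 -noout -subject_hash -in "$1"; }

# Succeeds only if cert $2 chains to a trust anchor found in directory $1.
# Matches on the "OK" output rather than relying on the exit status alone.
trusted_via_dir() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Create the <hash>.0 symlink next to the PEM file.
link_by_hash() {              # $1 = directory, $2 = PEM file name inside it
    ln -sf "$2" "$1/$(ca_hash "$1/$2").0"
}

# Verify the CA before and after the hash link exists and report both results.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_ca "$dir" || { rm -rf "$dir"; return 1; }
    if trusted_via_dir "$dir" "$dir/example-ca.pem"; then before=found; else before=missing; fi
    link_by_hash "$dir" example-ca.pem
    if trusted_via_dir "$dir" "$dir/example-ca.pem"; then after=found; else after=missing; fi
    rm -rf "$dir"
    echo "before=$before after=$after"
}

demo
```

The same PEM file is present in the directory for both checks; only the hash-named link changes the outcome, which is why a client that is not given an explicit 'tls_cacertfile' can miss a CA that is sitting in the right folder.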