# FreeBSD 9 LDAP



## Leander (Jan 12, 2012)

Hi

Unfortunately, recent installations of smbldap-tools-0.9.7 (ports install) throw errors on FreeBSD 9.0.


```
FreeBSD [~]# smbldap-populate
Populating LDAP directory for domain MyDomain (S-1-5-21-1[...])
(using builtin directory structure)

Could not start_tls: Cannot determine peer hostname for
 verificationerror:00000000:lib(0):func(0):reason(0) at
 /usr/local/lib/perl5/site_perl/5.12.4/smbldap_tools.pm line 365.
```


A Google search doesn't turn up much, but it seems like a Perl module is broken and unable to establish TLS?! Net::LDAP fails with later versions of IO::Socket::SSL.
Unfortunately I don't know how to apply the suggested patches ;( Any ideas how to fix this?


----------



## SirDice (Jan 12, 2012)

Did you configure an LDAP server? With SSL?


----------



## Leander (Jan 13, 2012)

Yes, I did configure it with SSL/TLS. It's being used by Samba.


----------



## Leander (Jan 16, 2012)

Any ideas?


----------



## paraqles (Jan 20, 2012)

I'm having the same problem, and it looks to me as if there is a problem with x509 in the Perl LDAP module.

The same configuration works fine for pam_ldap, nss_ldap and ldapsearch -x -ZZ.

Greetings,
paraqles


----------



## paraqles (Jan 20, 2012)

So now I have tested the same without ssf=128 and set ssf=0; now it's working.

But for a production environment this is not feasible.

Greetings,
paraqles


----------



## Leander (Jan 21, 2012)

I changed ssf=0. Now I'm all of a sudden getting Hostname errors?


```
FreeBSD [~]# smbldap-populate 
Use of qw(...) as parentheses is deprecated at /usr/local/lib/perl5/site_perl/5.14.2/smbldap_tools.pm line 1423, <DATA> line 522.
Populating LDAP directory for domain MyDomain (S-1-5-21-1[...])
(using builtin directory structure)

Could not start_tls: Cannot determine peer hostname for verificationerror:00000000:lib(0):func(0):reason(0) at
 /usr/local/lib/perl5/site_perl/5.14.2/smbldap_tools.pm line 365.
FreeBSD [~]#
```


----------



## paraqles (Jan 21, 2012)

If you want to try this, you should also set the following in /usr/local/etc/smbldap/smbldap.conf:

```
ldapTLS="0"
ldapSSL="0"
```


----------

