This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is NOT related to Samba's previous SSL support which was enabled by specifying the --with-ssl option to the configure script. The ldap ssl can be set to one of three values: Off = Never use SSL when querying the directory. Start_tls = Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server. On = Use SSL on the ldaps port when contacting the ldap server. Only available when the backwards-compatiblity --with-ldapsam option is specified to configure. See passdb backend Default : ldap ssl = start_tls