[SCM] Samba Shared Repository - branch master updated - 994ef68164c12a3b0494f6491bc9f402c912600f

Karolin Seeger kseeger at samba.org
Wed Dec 17 15:31:36 GMT 2008 

The branch, master has been updated
       via  994ef68164c12a3b0494f6491bc9f402c912600f (commit)
       via  b6e7caebe4e7b95977540ea068fb37b4c0cdf97b (commit)
       via  580461629bb88ce3b61770e7abfe2c942a121877 (commit)
       via  9458d4be87f50abbaf0350bf5e3a968ae5fbeba5 (commit)
       via  6ac36698e975649d26e3f2975c2101129c3ffe97 (commit)
      from  6878295636116e17165dc8f7e195ca97cde14633 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 994ef68164c12a3b0494f6491bc9f402c912600f
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 16:28:59 2008 +0100

    docs: Fix typo in man idmap_hash.
    
    Karolin

commit b6e7caebe4e7b95977540ea068fb37b4c0cdf97b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 16:26:43 2008 +0100

    s3/smb.h: Remove unused LDAP_SSL_ON.
    
    LDAP_SSL_ON is not defined at all.
    Ldaps can be used by specifying an ldaps URL using the "passdb backend"
    parameter.
    
    Karolin

commit 580461629bb88ce3b61770e7abfe2c942a121877
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 16:18:38 2008 +0100

    docs: Update section "ldap ssl" in man smb.conf.
    
    Remove non-existent value "on".
    Change default value to "no".
    Add hint about ldaps.
    
    Karolin

commit 9458d4be87f50abbaf0350bf5e3a968ae5fbeba5
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 15:53:51 2008 +0100

    s3/loadparm.c: Change default value for "ldap ssl".
    
    LDAP_SSL_ON is not defined at all. That's why the actual default value
    was "" for a long time. Set a more sensible default value without chnging the
    default behaviour.
    
    -----8<------------------snip--------------8<--------------
    user at host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
    include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
    LDAP_SSL_START_TLS};
    param/loadparm.c:       Globals.ldap_ssl = LDAP_SSL_ON;
    ----->8------------------snap-------------->8--------------
    
    It's the same in 3.2 and 3.3 series.
    
    Karolin

commit 6ac36698e975649d26e3f2975c2101129c3ffe97
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 15:42:12 2008 +0100

    docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.
    
    Karolin

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_hash.8.xml |    2 +-
 docs-xml/smbdotconf/ldap/ldapssl.xml |   37 ++++++++++++++++-----------------
 source3/include/smb.h                |    2 +-
 source3/param/loadparm.c             |    2 +-
 4 files changed, 21 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
index 8e452b3..fbafd71 100644
--- a/docs-xml/manpages-3/idmap_hash.8.xml
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -37,7 +37,7 @@
 		    Specifies the absolute path to the name mapping
 		    file used by the nss_info API.  Entries in the file
 		    are of the form &quot;<replaceable>unix name</replaceable>
-		    = <replaceable>qualified domain name</replaceable>&quote;.
+		    = <replaceable>qualified domain name</replaceable>&quot;.
 		    Mapping of both user and group names is supported.
 		</para></listitem>
 		</varlistentry>
diff --git a/docs-xml/smbdotconf/ldap/ldapssl.xml b/docs-xml/smbdotconf/ldap/ldapssl.xml
index 39ed08f..d785071 100644
--- a/docs-xml/smbdotconf/ldap/ldapssl.xml
+++ b/docs-xml/smbdotconf/ldap/ldapssl.xml
@@ -3,36 +3,35 @@
 				 type="enum"
                  advanced="1" developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <description>
+<description>
 	<para>This option is used to define whether or not Samba should
 	use SSL when connecting to the ldap server
 	This is <emphasis>NOT</emphasis> related to
-	Samba's previous SSL support which was enabled by specifying the 
-	 <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> 
+	Samba's previous SSL support which was enabled by specifying the
+	<command moreinfo="none">--with-ssl</command> option to the
+	<filename moreinfo="none">configure</filename>
 	script.</para>
-		
-<para>The <smbconfoption name="ldap ssl"/> can be set to one of three values:</para>	
+
+	<para>LDAP connections should be secured where possible. This may be
+	done setting either this parameter to
+	<parameter moreinfo="none">Start_tls</parameter>
+	or by specifying <parameter moreinfo="none">ldaps://</parameter> in
+        the URL argument of <smbconfoption name="passdb backend"/>.</para>
+
+	<para>The <smbconfoption name="ldap ssl"/> can be set to one of
+	two values:</para>
 	<itemizedlist>
 		<listitem>
-			<para><parameter moreinfo="none">Off</parameter> = Never 
+			<para><parameter moreinfo="none">Off</parameter> = Never
 			use SSL when querying the directory.</para>
 		</listitem>
 
 		<listitem>
-			<para><parameter moreinfo="none">Start_tls</parameter> = Use 
-			the LDAPv3 StartTLS extended operation (RFC2830) for 
+			<para><parameter moreinfo="none">Start_tls</parameter> = Use
+			the LDAPv3 StartTLS extended operation (RFC2830) for
 			communicating with the directory server.</para>
 		</listitem>
-	    
-		<listitem>
-			<para><parameter moreinfo="none">On</parameter>  = Use SSL 
-			on the ldaps port when contacting the <parameter 
-			moreinfo="none">ldap server</parameter>. Only available when the 
-			backwards-compatiblity <command 
-			moreinfo="none">--with-ldapsam</command> option is specified
-		to configure. See <smbconfoption name="passdb backend"/></para>.
-		</listitem>
-	</itemizedlist>		
+	</itemizedlist>
 </description>
-<value type="default">start_tls</value>
+<value type="default">no</value>
 </samba:parameter>
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 891bd4a..a8a2d98 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1514,7 +1514,7 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
 enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
 
 /* LDAP SSL options */
-enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 
 /* LDAP PASSWD SYNC methods */
 enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9a55067..9bd6645 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4886,7 +4886,7 @@ static void init_globals(bool first_time_only)
 	string_set(&Globals.szLdapIdmapSuffix, "");
 
 	string_set(&Globals.szLdapAdminDn, "");
-	Globals.ldap_ssl = LDAP_SSL_ON;
+	Globals.ldap_ssl = LDAP_SSL_OFF;
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list