[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-32-89-ga311365

Karolin Seeger kseeger at samba.org
Wed Dec 17 15:57:23 GMT 2008 

The branch, v3-0-test has been updated
       via  a3113657b4427eddcfbb10d71e9e8ade06bbd16f (commit)
       via  7a39f3eaf571fd9da6f8e103eeb50c5bcebd18c1 (commit)
       via  e147c4679f8095738fea6ab2c9fb37fbecc9bb85 (commit)
       via  78ec02e8221aea7633ed63f5fc5084a12c9796d4 (commit)
      from  875dfb887dba90807ed5b371334574997be419a8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit a3113657b4427eddcfbb10d71e9e8ade06bbd16f
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 16:26:43 2008 +0100

    s3/smb.h: Remove unused LDAP_SSL_ON.
    
    LDAP_SSL_ON is not defined at all.
    Ldaps can be used by specifying an ldaps URL using the "passdb backend"
    parameter.
    
    Karolin
    (cherry picked from commit 0c6cf1f8793edfde924289aafbd174ce4a4fae0c)
    (cherry picked from commit 7f36de6906811d4f0428b75c79c72b17b8ccfcef)

commit 7a39f3eaf571fd9da6f8e103eeb50c5bcebd18c1
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 15:53:51 2008 +0100

    s3/loadparm.c: Change default value for "ldap ssl".
    
    LDAP_SSL_ON is not defined at all. That's why the actual default value
    was "" for a long time. Set a more sensible default value without chnging the
    default behaviour.
    
    -----8<------------------snip--------------8<--------------
    user at host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
    include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
    LDAP_SSL_START_TLS};
    param/loadparm.c:       Globals.ldap_ssl = LDAP_SSL_ON;
    ----->8------------------snap-------------->8--------------
    
    It's the same in 3.2 and 3.3 series.
    
    Karolin
    (cherry picked from commit e6d883e003d4560c55259ae1cfdf7319602f76e3)
    (cherry picked from commit 5c686419096362176d80f3d05339b8836d0178a4)

commit e147c4679f8095738fea6ab2c9fb37fbecc9bb85
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 16:18:38 2008 +0100

    docs: Update section "ldap ssl" in man smb.conf.
    
    Remove non-existent value "on".
    Change default value to "no".
    Add hint about ldaps.
    
    Karolin
    (cherry picked from commit 580461629bb88ce3b61770e7abfe2c942a121877)
    (cherry picked from commit d74356627579fe7b9961844a77c4e6daa978d62b)
    (cherry picked from commit 882ac5e5a79646754dfd1669ea6720ab52c9b6ee)

commit 78ec02e8221aea7633ed63f5fc5084a12c9796d4
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Dec 17 15:42:12 2008 +0100

    docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.
    
    Karolin
    (cherry picked from commit 6ac36698e975649d26e3f2975c2101129c3ffe97)
    (cherry picked from commit 655a1c7b05d56326d6cfffbc8e46e1d64565717a)
    (cherry picked from commit 2534619eedc3e9528d589cfee793a55b3cc62bed)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/ldap/ldapssl.xml |   37 ++++++++++++++++-----------------
 source/include/smb.h                 |    2 +-
 source/param/loadparm.c              |    2 +-
 3 files changed, 20 insertions(+), 21 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/ldap/ldapssl.xml b/docs-xml/smbdotconf/ldap/ldapssl.xml
index 39ed08f..d785071 100644
--- a/docs-xml/smbdotconf/ldap/ldapssl.xml
+++ b/docs-xml/smbdotconf/ldap/ldapssl.xml
@@ -3,36 +3,35 @@
 				 type="enum"
                  advanced="1" developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <description>
+<description>
 	<para>This option is used to define whether or not Samba should
 	use SSL when connecting to the ldap server
 	This is <emphasis>NOT</emphasis> related to
-	Samba's previous SSL support which was enabled by specifying the 
-	 <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> 
+	Samba's previous SSL support which was enabled by specifying the
+	<command moreinfo="none">--with-ssl</command> option to the
+	<filename moreinfo="none">configure</filename>
 	script.</para>
-		
-<para>The <smbconfoption name="ldap ssl"/> can be set to one of three values:</para>	
+
+	<para>LDAP connections should be secured where possible. This may be
+	done setting either this parameter to
+	<parameter moreinfo="none">Start_tls</parameter>
+	or by specifying <parameter moreinfo="none">ldaps://</parameter> in
+        the URL argument of <smbconfoption name="passdb backend"/>.</para>
+
+	<para>The <smbconfoption name="ldap ssl"/> can be set to one of
+	two values:</para>
 	<itemizedlist>
 		<listitem>
-			<para><parameter moreinfo="none">Off</parameter> = Never 
+			<para><parameter moreinfo="none">Off</parameter> = Never
 			use SSL when querying the directory.</para>
 		</listitem>
 
 		<listitem>
-			<para><parameter moreinfo="none">Start_tls</parameter> = Use 
-			the LDAPv3 StartTLS extended operation (RFC2830) for 
+			<para><parameter moreinfo="none">Start_tls</parameter> = Use
+			the LDAPv3 StartTLS extended operation (RFC2830) for
 			communicating with the directory server.</para>
 		</listitem>
-	    
-		<listitem>
-			<para><parameter moreinfo="none">On</parameter>  = Use SSL 
-			on the ldaps port when contacting the <parameter 
-			moreinfo="none">ldap server</parameter>. Only available when the 
-			backwards-compatiblity <command 
-			moreinfo="none">--with-ldapsam</command> option is specified
-		to configure. See <smbconfoption name="passdb backend"/></para>.
-		</listitem>
-	</itemizedlist>		
+	</itemizedlist>
 </description>
-<value type="default">start_tls</value>
+<value type="default">no</value>
 </samba:parameter>
diff --git a/source/include/smb.h b/source/include/smb.h
index 13e9162..0aec3ff 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1563,7 +1563,7 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
 enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
 
 /* LDAP SSL options */
-enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 
 /* LDAP PASSWD SYNC methods */
 enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 0ac16d1..4fc0c06 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -1595,7 +1595,7 @@ static void init_globals(BOOL first_time_only)
 	string_set(&Globals.szLdapIdmapSuffix, "");
 
 	string_set(&Globals.szLdapAdminDn, "");
-	Globals.ldap_ssl = LDAP_SSL_ON;
+	Globals.ldap_ssl = LDAP_SSL_OFF;
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list