start_tls killing ads?

Guenther Deschner gd at samba.org
Tue Jan 3 11:26:45 GMT 2006


Hi Volker,

On Mon, Jan 02, 2006 at 10:27:36PM +0100, Volker Lendecke wrote:
> Hi (Günther)!
> 
> With revision r11875 you checked use of start_tls in libads/ldap.c in. I've got
> a case where I would like to use security=ads with a non-tls'ed W2k3 and a
> tls'ed passdb and idmap backend. Unfortunately 11875 does not allow this
> scenario. What do you propose in this case?

Ouch, the dark side of parameter recycling... IIRC we'll have the same
problem when we want to use different tcp LDAP ports for ADS and
passdb/idmap. And what if you want to use start_tls for passdb but not for
idmap? At least for the ads case we can't avoid a new parameter, I'm
afraid.

> BTW, we need to add sasl transport security, but probably this means porting
> the ildap and gensec libs to keep our mental health....

He he, you've got my vote :) If you have time and energy...

Cheers,
Guenther

-- 
Günther Deschner                    GPG-ID: 8EE11688
Novell / SUSE LINUX                       gd at suse.de
Samba Team                              gd at samba.org


More information about the samba-technical mailing list