start_tls killing ads?
gd at samba.org
Tue Jan 3 11:26:45 GMT 2006
On Mon, Jan 02, 2006 at 10:27:36PM +0100, Volker Lendecke wrote:
> Hi (Günther)!
> With revision r11875 you checked use of start_tls in libads/ldap.c in. I've got
> a case where I would like to use security=ads with a non-tls'ed W2k3 and a
> tls'ed passdb and idmap backend. Unfortunately 11875 does not allow this
> scenario. What do you propose in this case?
Ouch, the dark side of parameter recycling... IIRC we'll have the same
problem when we want to use different tcp LDAP ports for ADS and
passdb/idmap. And what if you want to use start_tls for passdb but not for
idmap? At least for the ads case we can't avoid a new parameter, I'm
> BTW, we need to add sasl transport security, but probably this means porting
> the ildap and gensec libs to keep our mental health....
He he, you've got my vote :) If you have time and energy...
Günther Deschner GPG-ID: 8EE11688
Novell / SUSE LINUX gd at suse.de
Samba Team gd at samba.org