cldap

Andrew Bartlett abartlet at samba.org
Thu May 11 22:17:01 GMT 2006


On Thu, 2006-05-11 at 06:54 -0700, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jim McDonough wrote:
> 
> > Phew, it's been a while, but I think we did, after fiddling around with 
> > the security settings.  CLDAP is inherently anonymous, so you can't 
> > authenticate.  It's just a matter of what is allowed anonymously.  I don't 
> > recall if it was just a matter of setting ACLS on an RDN or if we had to 
> > do something with security policies or registry.
> 
> You can create the cldap calls from win32 really easily.
> There's a cldap_open() Win32 api call that returns an LDAP*
> which can be used with ldap_search_s().  That how I toyed
> with the rootDSE stuff.
> 
> My goal was to get the currentTime attribute via CLDAP and avoid
> the TCP session in ads_connect().  One of the guys at work mentioned
> that the udp ldap pings would take arbitrary search filters.

What will you be making the eventual connection with?  Don't we also
have the current server time in the negprot reply?

That said, I support the better use of CLDAP for DC discovery etc.  I
think it will be a useful feature. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060512/c64a0e4e/attachment.bin


More information about the samba-technical mailing list