Heads-up: Setting "ldap ssl = start_tls" in 3.3.0?

Rafal Szczesniak mimir at samba.org
Thu Dec 18 12:40:35 GMT 2008


On Thu, Dec 18, 2008 at 08:52:25AM +0100, Karolin Seeger wrote:
> according to the smb.conf manpage, the default value for "ldap ssl" was
> "start_tls". While trying to fix bug #5949, it stuck out that LDAP_SSL_ON was
> not defined at all and the effective default value was "" for a very long period
> of time.
> 
> To assure consistency, the default value has been set to "ldap ssl = no" in all
> trees. The documentation has been updated accordingly. Changing the default to
> "start_tls" would break existing setups using LDAP backends without tls.
> 
> The question is if we should change the default to "start_tls" in 3.3.0.
> Any opinions?

3.2.0 - "ldap ssl = no" (So the existing setups are not broken)

3.3.0 - "ldap ssl = start_tls" (For security reasons)


cheers,
-- 
Rafal Szczesniak
Samba Team member   http://www.samba.org
Likewise Software   http://www.likewisesoftware.com
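
An added example, not part of the thread or of Samba's code: a small audit that reports whether an smb.conf with an LDAP passdb backend gets StartTLS explicitly or only inherits whatever the compiled-in default is, which is the case the default change discussed above would affect. The host name, the sample configurations and the function names are constructed for illustration, and `compiled_default` is an assumption standing in for the default of the release being checked.

```python
import re

# Spellings Samba accepts for the two "ldap ssl" settings.
OFF = {"no", "off"}
START_TLS = {"start_tls", "start tls"}

# Constructed sample configurations (not taken from the thread).
IMPLICIT = "[global]\n  passdb backend = ldapsam:ldap://ldap.example.org\n"
EXPLICIT_TLS = IMPLICIT + "  ldap ssl = start_tls\n"
EXPLICIT_OFF = IMPLICIT + "  LDAP SSL = Off\n"
NO_LDAP = "[global]\n  passdb backend = tdbsam\n"

def global_params(text):
    """Return [global] parameters; names are compared the way Samba does,
    ignoring case and embedded whitespace."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def audit_ldap_ssl(text, compiled_default="no"):
    """Classify the transport protection the LDAP backend ends up with."""
    p = global_params(text)
    backend = p.get("passdbbackend", "").lower()
    if not backend.startswith("ldapsam"):
        return "not-applicable"
    if "ldaps://" in backend:
        return "ldaps-url"
    explicit = "ldapssl" in p
    value = p.get("ldapssl", compiled_default).strip('"').lower()
    if value in START_TLS:
        return "start_tls"
    if value in OFF or value == "":
        # Setups in the "by-default" class change behaviour if the default moves.
        return "cleartext-explicit" if explicit else "cleartext-by-default"
    return "unknown-value"
```

Configurations reported as `cleartext-by-default` are the ones that would start requiring TLS if the default became "start_tls"; setting the parameter explicitly pins the behaviour either way.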
