Heads-up: Setting "ldap ssl = start_tls" in 3.3.0?
Rafal Szczesniak
mimir at samba.org
Thu Dec 18 12:40:35 GMT 2008
On Thu, Dec 18, 2008 at 08:52:25AM +0100, Karolin Seeger wrote:
> according to the smb.conf manpage, the default value for "ldap ssl" was
> "start_tls". While trying to fix bug #5949, it sticked out that LDAP_SSL_ON was
> not defined at all and the effective default value was "" for a very long period
> of time.
>
> To assure consistency, the default value has been set to "ldap ssl = no" in all
> trees. The documentation has been updated accordingly. Changing the default to
> "start_tls" would break existing setups using LDAP backends without tls.
>
> The question is if we should change the default to "start_tls" in 3.3.0.
> Any opinions?
3.2.0 - "ldap ssl = no" (So the existing setups are not broken)
3.3.0 - "ldap ssl = start_tls" (For security reasons)
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
Likewise Software http://www.likewisesoftware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20081218/8f1a7bd7/attachment.bin
More information about the samba-technical
mailing list