Heads-up: Setting "ldap ssl = start_tls" in 3.3.0?
Michael Adam
obnox at samba.org
Thu Dec 18 12:48:49 GMT 2008
Rafal Szczesniak wrote:
> On Thu, Dec 18, 2008 at 08:52:25AM +0100, Karolin Seeger wrote:
> > according to the smb.conf manpage, the default value for "ldap ssl" was
> > "start_tls". While trying to fix bug #5949, it stuck out that LDAP_SSL_ON was
> > not defined at all and the effective default value was "" for a very long period
> > of time.
> >
> > To assure consistency, the default value has been set to "ldap ssl = no" in all
> > trees. The documentation has been updated accordingly. Changing the default to
> > "start_tls" would break existing setups using LDAP backends without tls.
> >
> > The question is if we should change the default to "start_tls" in 3.3.0.
> > Any opinions?
>
> 3.2.0 - "ldap ssl = no" (So the existing setups are not broken)
>
> 3.3.0 - "ldap ssl = start_tls" (For security reasons)
Same vote from me.
Michael
--
Michael Adam <ma at sernet.de> <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE