ADV190023 | LDAP channel binding support

Andrew Walker awalker at ixsystems.com
Tue Feb 18 17:31:37 UTC 2020


On Tue, Feb 18, 2020 at 11:07 AM Isaac Boukris via samba-technical <
samba-technical at lists.samba.org> wrote:

> Hi,
>
> I tested net-ads-search from a joined machine configured with "ldap
> ssl ads = yes", and it works once I also set "client ldap sasl
> wrapping = plain".
>

This part is, I believe, expected. MS-ADTS 5.1.1.2 states:
"While Active Directory permits SASL binds to be performed on an
SSL/TLS-protected connection, it does not permit the use of SASL-layer
confidentiality/integrity protection mechanisms on such a connection."

