ADV190023 | LDAP channel binding support
iboukris at gmail.com
Wed Feb 19 19:53:16 UTC 2020
On Wed, Feb 19, 2020 at 12:27 PM Isaac Boukris <iboukris at gmail.com> wrote:
> On Tue, Feb 18, 2020 at 5:48 PM Stefan Metzmacher <metze at samba.org> wrote:
> > I looked at it a bit, see
> > https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=ac8fd11f1d4b9deb48d6c7942af0c83b52d69d7f
> > I think we need input from dochelp to answer 2 questions:
> > 1. which kind of channel bindings are expected/used by Windows?
> > I assume tls-server-end-point. I guess MS-ADTS would be the place
> > to define these details for ldaps.
> This blog also suggests it's tls-server-end-point (about HTTP) :
It's definitely "tls-server-end-point:", I got ldapsearch working by
hardcoding my lab server certificate just before the gss_init_sec
call, see attached.
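import hashlib
md = hashlib.sha256()
md.update(cert_der)  # cert_der: DER bytes of the server certificate (placeholder name; the hardcoded value is not shown here)
mydata = b'tls-server-end-point:' + md.digest()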
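
Added example, not part of the original post or its scrubbed attachment: computing the "tls-server-end-point:" application data with the RFC 5929 hash rule, and, going one step beyond the post, the MD5 "Bnd" value that RFC 4121 derives from the GSS channel bindings structure. All function names are hypothetical, the certificate bytes are constructed, and the signature hash is passed in by the caller instead of being parsed from the certificate.

```python
import hashlib
import struct

PREFIX = b"tls-server-end-point:"

# Constructed placeholder bytes, NOT a real certificate.
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-not-a-real-certificate"


def tls_server_end_point(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """RFC 5929 section 4.1: hash the DER certificate with the hash of its
    signature algorithm, except that MD5 and SHA-1 are replaced by SHA-256."""
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    # Limiting to SHA-2 is a simplification made by this example.
    if name not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported signature hash: {sig_hash}")
    if not cert_der:
        # Hashing zero bytes yields a valid-looking but useless binding.
        raise ValueError("empty certificate")
    return PREFIX + hashlib.new(name, cert_der).digest()


def gss_channel_bindings(app_data: bytes) -> bytes:
    """Serialize gss_channel_bindings_struct with unspecified initiator and
    acceptor addresses: every integer is 4 bytes, least significant first."""
    unspecified_addr = struct.pack("<II", 0, 0)  # addrtype 0, length 0
    return unspecified_addr * 2 + struct.pack("<I", len(app_data)) + app_data


def kerberos_bnd(app_data: bytes) -> bytes:
    """16-byte Bnd field of the RFC 4121 authenticator checksum: MD5 over
    the serialized channel bindings."""
    return hashlib.md5(gss_channel_bindings(app_data)).digest()


if __name__ == "__main__":
    app_data = tls_server_end_point(SAMPLE_CERT_DER, "sha1")
    print(app_data.hex())
    print(kerberos_bnd(app_data).hex())
```
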