gitlab: testing of ldap-ssl-ads option
Andrew Bartlett
abartlet at samba.org
Tue Jun 23 01:37:43 UTC 2020
On Mon, 2020-06-22 at 23:02 +0200, Isaac Boukris wrote:
> On Mon, Jun 22, 2020 at 9:32 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
> >
> > Likewise, ldap ssl ads should explain more which operations it
> > applies
> > to (additionally note it doesn't apply to tldap and so idmap_ad as
> > TLS
> > isn't implemented there yet).
>
> Yeah, I'm still unclear how it relates to and differs from "ldap
> ssl".
"ldap ssl" is about if we should use TLS to protect the LDAP connection
between Samba's pdb_ldap passdb module and the (typically) OpenLDAP
server.
Sometimes this is over ldapi:// and doesn't matter, but often this will
be a remote (eg organisational central) LDAP server. Even with local
servers this matters when chasing a referral from the local slave to
the master server to write a password change.
As the AD domain member case is quite different, even if using similar
code, a new option was added.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list