gitlab: testing of ldap-ssl-ads option

Andrew Bartlett abartlet at
Tue Jun 23 01:37:43 UTC 2020

On Mon, 2020-06-22 at 23:02 +0200, Isaac Boukris wrote:
> On Mon, Jun 22, 2020 at 9:32 PM Andrew Bartlett <abartlet at>
> wrote:
> > 
> > Likewise, ldap ssl ads should explain more which operations it
> > applies
> > to (additionally note it doesn't apply to tldap and so idmap_ad as
> > TLS
> > isn't implemented there yet).
> Yeah, I'm still unclear how it relates to and differs from "ldap
> ssl".

"ldap ssl" is about if we should use TLS to protect the LDAP connection
between Samba's pdb_ldap passdb module and the (typically) OpenLDAP

Sometimes this is over ldapi:// and doesn't matter, but often this will
be a remote (eg organisational central) LDAP server.  Even with local
servers this matters when chasing a referral from the local slave to
the master server to write a password change.

As the AD domain member case is quite different, even if using similar
code, a new option was added.

Andrew Bartlett
Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT 

More information about the samba-technical mailing list