diff options
author | Michael Adam <obnox@samba.org> | 2009-01-29 13:17:46 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-16 09:56:47 +0100 |
commit | 3676bc7f2f2f821d78910a845a9bf680b295f412 (patch) | |
tree | a4b31b1f18361b44ec8faaecf8558e97985d4ac1 /source/libads | |
parent | a46045e107193d79c0aa776cb5aed1131d2a74cc (diff) | |
download | samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.gz samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.xz samba-3676bc7f2f2f821d78910a845a9bf680b295f412.zip |
fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Michael
(cherry picked from commit d332da87068cd72489941010a33e372ab53d3bcc)
Diffstat (limited to 'source/libads')
-rw-r--r-- | source/libads/ldap.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/source/libads/ldap.c b/source/libads/ldap.c index f3bc2c5032b..5c95d4f6124 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -672,9 +672,11 @@ got_connection: ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); - status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version)); - if (!ADS_ERR_OK(status)) { - goto out; + if (lp_parm_bool(-1, "ldap ssl", "ads", false)) { + status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version)); + if (!ADS_ERR_OK(status)) { + goto out; + } } /* fill in the current time and offsets */ |