fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested

This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael (cherry picked from commit d332da87068cd72489941010a33e372ab53d3bcc)
author: Michael Adam <obnox@samba.org> 2009-01-29 13:17:46 +0100
committer: Karolin Seeger <kseeger@samba.org> 2009-02-16 09:56:47 +0100
commit: 3676bc7f2f2f821d78910a845a9bf680b295f412 (patch)
tree: a4b31b1f18361b44ec8faaecf8558e97985d4ac1 /source/libads
parent: a46045e107193d79c0aa776cb5aed1131d2a74cc (diff)
download: samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.gz
samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.xz
samba-3676bc7f2f2f821d78910a845a9bf680b295f412.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index f3bc2c5032b..5c95d4f6124 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -672,9 +672,11 @@ got_connection:
 
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
-	status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
-	if (!ADS_ERR_OK(status)) {
-		goto out;
+	if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
+		status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+		if (!ADS_ERR_OK(status)) {
+			goto out;
+		}
 	}
 
 	/* fill in the current time and offsets */
author	Michael Adam <obnox@samba.org>	2009-01-29 13:17:46 +0100
committer	Karolin Seeger <kseeger@samba.org>	2009-02-16 09:56:47 +0100
commit	3676bc7f2f2f821d78910a845a9bf680b295f412 (patch)
tree	a4b31b1f18361b44ec8faaecf8558e97985d4ac1 /source/libads
parent	a46045e107193d79c0aa776cb5aed1131d2a74cc (diff)
download	samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.gz samba-3676bc7f2f2f821d78910a845a9bf680b295f412.tar.xz samba-3676bc7f2f2f821d78910a845a9bf680b295f412.zip