38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
From d332da87068cd72489941010a33e372ab53d3bcc Mon Sep 17 00:00:00 2001
|
|
From: Michael Adam <obnox@samba.org>
|
|
Date: Thu, 29 Jan 2009 13:17:46 +0100
|
|
Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
|
|
|
|
This fixes "net ads join".
|
|
It copes with the changed default "ldap ssl = start tls".
|
|
A new boolean option "ldap ssl : ads" is added to allow for
|
|
explicitly requesting ssl with ads.
|
|
|
|
Michael
|
|
---
|
|
source/libads/ldap.c | 8 +++++---
|
|
1 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
|
|
index f3bc2c5..5c95d4f 100644
|
|
--- a/source/libads/ldap.c
|
|
+++ b/source/libads/ldap.c
|
|
@@ -672,9 +672,11 @@ got_connection:
|
|
|
|
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
|
|
|
|
- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
|
- if (!ADS_ERR_OK(status)) {
|
|
- goto out;
|
|
+ if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
|
|
+ status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
|
+ if (!ADS_ERR_OK(status)) {
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
|
|
/* fill in the current time and offsets */
|
|
--
|
|
1.6.0.2
|
|
|