The branch, v3-3-test has been updated
       via  d332da87068cd72489941010a33e372ab53d3bcc (commit)
      from  910cbc5d6e932fa8ed0066d407a40195b6629a37 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit d332da87068cd72489941010a33e372ab53d3bcc
Author: Michael Adam <[email protected]>
Date:   Thu Jan 29 13:17:46 2009 +0100

    fix bug #6073: prevent ads_connect() from using SSL unless explicitly 
requested
    
    This fixes "net ads join".
    It copes with the changed default "ldap ssl = start tls".
    A new boolean option "ldap ssl : ads" is added to allow for
    explicitly requesting ssl with  ads.
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/libads/ldap.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index f3bc2c5..5c95d4f 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -672,9 +672,11 @@ got_connection:
 
        ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
-       status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
-       if (!ADS_ERR_OK(status)) {
-               goto out;
+       if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
+               status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+               if (!ADS_ERR_OK(status)) {
+                       goto out;
+               }
        }
 
        /* fill in the current time and offsets */


-- 
Samba Shared Repository

Reply via email to