From 3676bc7f2f2f821d78910a845a9bf680b295f412 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 29 Jan 2009 13:17:46 +0100 Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael (cherry picked from commit d332da87068cd72489941010a33e372ab53d3bcc) --- source/libads/ldap.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source/libads/ldap.c b/source/libads/ldap.c index f3bc2c5032b..5c95d4f6124 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -672,9 +672,11 @@ got_connection: ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); - status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version)); - if (!ADS_ERR_OK(status)) { - goto out; + if (lp_parm_bool(-1, "ldap ssl", "ads", false)) { + status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version)); + if (!ADS_ERR_OK(status)) { + goto out; + } } /* fill in the current time and offsets */ -- 2.11.4.GIT