The branch, master has been updated via 994ef68164c12a3b0494f6491bc9f402c912600f (commit) via b6e7caebe4e7b95977540ea068fb37b4c0cdf97b (commit) via 580461629bb88ce3b61770e7abfe2c942a121877 (commit) via 9458d4be87f50abbaf0350bf5e3a968ae5fbeba5 (commit) via 6ac36698e975649d26e3f2975c2101129c3ffe97 (commit) from 6878295636116e17165dc8f7e195ca97cde14633 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 994ef68164c12a3b0494f6491bc9f402c912600f Author: Karolin Seeger <ksee...@samba.org> Date: Wed Dec 17 16:28:59 2008 +0100 docs: Fix typo in man idmap_hash. Karolin commit b6e7caebe4e7b95977540ea068fb37b4c0cdf97b Author: Karolin Seeger <ksee...@samba.org> Date: Wed Dec 17 16:26:43 2008 +0100 s3/smb.h: Remove unused LDAP_SSL_ON. LDAP_SSL_ON is not defined at all. Ldaps can be used by specifying an ldaps URL using the "passdb backend" parameter. Karolin commit 580461629bb88ce3b61770e7abfe2c942a121877 Author: Karolin Seeger <ksee...@samba.org> Date: Wed Dec 17 16:18:38 2008 +0100 docs: Update section "ldap ssl" in man smb.conf. Remove non-existent value "on". Change default value to "no". Add hint about ldaps. Karolin commit 9458d4be87f50abbaf0350bf5e3a968ae5fbeba5 Author: Karolin Seeger <ksee...@samba.org> Date: Wed Dec 17 15:53:51 2008 +0100 s3/loadparm.c: Change default value for "ldap ssl". LDAP_SSL_ON is not defined at all. That's why the actual default value was "" for a long time. Set a more sensible default value without chnging the default behaviour. -----8<------------------snip--------------8<-------------- u...@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS}; param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON; ----->8------------------snap-------------->8-------------- It's the same in 3.2 and 3.3 series. Karolin commit 6ac36698e975649d26e3f2975c2101129c3ffe97 Author: Karolin Seeger <ksee...@samba.org> Date: Wed Dec 17 15:42:12 2008 +0100 docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf. Karolin ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/idmap_hash.8.xml | 2 +- docs-xml/smbdotconf/ldap/ldapssl.xml | 37 ++++++++++++++++----------------- source3/include/smb.h | 2 +- source3/param/loadparm.c | 2 +- 4 files changed, 21 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml index 8e452b3..fbafd71 100644 --- a/docs-xml/manpages-3/idmap_hash.8.xml +++ b/docs-xml/manpages-3/idmap_hash.8.xml @@ -37,7 +37,7 @@ Specifies the absolute path to the name mapping file used by the nss_info API. Entries in the file are of the form "<replaceable>unix name</replaceable> - = <replaceable>qualified domain name</replaceable>"e;. + = <replaceable>qualified domain name</replaceable>". Mapping of both user and group names is supported. </para></listitem> </varlistentry> diff --git a/docs-xml/smbdotconf/ldap/ldapssl.xml b/docs-xml/smbdotconf/ldap/ldapssl.xml index 39ed08f..d785071 100644 --- a/docs-xml/smbdotconf/ldap/ldapssl.xml +++ b/docs-xml/smbdotconf/ldap/ldapssl.xml @@ -3,36 +3,35 @@ type="enum" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - <description> +<description> <para>This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is <emphasis>NOT</emphasis> related to - Samba's previous SSL support which was enabled by specifying the - <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> + Samba's previous SSL support which was enabled by specifying the + <command moreinfo="none">--with-ssl</command> option to the + <filename moreinfo="none">configure</filename> script.</para> - -<para>The <smbconfoption name="ldap ssl"/> can be set to one of three values:</para> + + <para>LDAP connections should be secured where possible. This may be + done setting either this parameter to + <parameter moreinfo="none">Start_tls</parameter> + or by specifying <parameter moreinfo="none">ldaps://</parameter> in + the URL argument of <smbconfoption name="passdb backend"/>.</para> + + <para>The <smbconfoption name="ldap ssl"/> can be set to one of + two values:</para> <itemizedlist> <listitem> - <para><parameter moreinfo="none">Off</parameter> = Never + <para><parameter moreinfo="none">Off</parameter> = Never use SSL when querying the directory.</para> </listitem> <listitem> - <para><parameter moreinfo="none">Start_tls</parameter> = Use - the LDAPv3 StartTLS extended operation (RFC2830) for + <para><parameter moreinfo="none">Start_tls</parameter> = Use + the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server.</para> </listitem> - - <listitem> - <para><parameter moreinfo="none">On</parameter> = Use SSL - on the ldaps port when contacting the <parameter - moreinfo="none">ldap server</parameter>. Only available when the - backwards-compatiblity <command - moreinfo="none">--with-ldapsam</command> option is specified - to configure. See <smbconfoption name="passdb backend"/></para>. - </listitem> - </itemizedlist> + </itemizedlist> </description> -<value type="default">start_tls</value> +<value type="default">no</value> </samba:parameter> diff --git a/source3/include/smb.h b/source3/include/smb.h index 891bd4a..a8a2d98 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1514,7 +1514,7 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA}; /* LDAP SSL options */ -enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS}; +enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; /* LDAP PASSWD SYNC methods */ enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY}; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 9a55067..9bd6645 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4886,7 +4886,7 @@ static void init_globals(bool first_time_only) string_set(&Globals.szLdapIdmapSuffix, ""); string_set(&Globals.szLdapAdminDn, ""); - Globals.ldap_ssl = LDAP_SSL_ON; + Globals.ldap_ssl = LDAP_SSL_OFF; Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF; Globals.ldap_delete_dn = False; Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */ -- Samba Shared Repository