s4:ldap_server: add support for tls channel bindings

[vlendec/samba-autobuild/.git] / source3 / utils / testparm.c

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index fd90e8d734a8842bc312fdc251472abaabf6e1fe..34bce413f82f70900cf5e08459c166d19c7779b3 100644 (file)
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -615,6 +615,18 @@ static int do_global_checks(void)
                ret = 1;
        }
 
+       if (lp_ldap_server_require_strong_auth() ==
+           LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS)
+       {
+               fprintf(stderr,
+                       "WARNING: You have not configured "
+                       "'ldap server require strong auth = "
+                       "allow_sasl_over_tls'.\n"
+                       "Please change to 'yes' (preferred) or "
+                       "'allow_sasl_without_tls_channel_bindings' "
+                       "(if really needed)\n\n");
+       }
+
        if (lp_server_schannel() != true) { /* can be 'auto' */
                fprintf(stderr,
                        "WARNING: You have not configured "