smbdotconf: add client ldap sasl wrapping = {starttls,ldaps}

author Stefan Metzmacher <metze@samba.org>

Fri, 9 Feb 2024 14:40:00 +0000 (15:40 +0100)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
author Stefan Metzmacher <metze@samba.org>
Fri, 9 Feb 2024 14:40:00 +0000 (15:40 +0100)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml

index 21bd209005774518f8939ae422d1bdd00c4a6feb..5e108dc04ce241a0fbdb0a75e2ca990dcc1f6814 100644 (file)
--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
@@ -36,6 +36,13 @@
         The default value is <emphasis>seal</emphasis>. That implies synchronizing the time
         with the KDC in the case of using <emphasis>Kerberos</emphasis>.
         </para>
+
+       <para>In order to force using LDAP (on port 389) with STARTTLS
+       or LDAPS (on port 636), it is possible to use <emphasis>starttls</emphasis>
+       or <emphasis>ldaps</emphasis>. In that case the NTLMSSP or Kerberos
+       authentication using the TLS channel bindings in order to glue
+       it to the connection.</para>
+
  </description>
  <value type="default">seal</value>
  </samba:parameter>
diff --git a/lib/param/param_table.c b/lib/param/param_table.c

index 8db4c381e41278f8a5e51dbb95c0b5506940217c..229585b280788741b8ba4d7350bcb9d3823c392a 100644 (file)
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -309,6 +309,8 @@ static const struct enum_list enum_ldap_sasl_wrapping[] = {
         {0, "plain"},
         {ADS_AUTH_SASL_SIGN, "sign"},
         {ADS_AUTH_SASL_SEAL, "seal"},
+       {ADS_AUTH_SASL_STARTTLS, "starttls"},
+       {ADS_AUTH_SASL_LDAPS, "ldaps"},
         {-1, NULL}
  };
  
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl

index a706d355a5bcceb9fc542a56816b2dc0cd66af1d..d4e00e2c7bc7df65d384bc25c7123ef43dc6dbe8 100644 (file)
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -29,7 +29,9 @@ interface ads
                 ADS_AUTH_SASL_SIGN              = 0x0020,
                 ADS_AUTH_SASL_SEAL              = 0x0040,
                 ADS_AUTH_SASL_FORCE             = 0x0080,
-               ADS_AUTH_USER_CREDS             = 0x0100
+               ADS_AUTH_USER_CREDS             = 0x0100,
+               ADS_AUTH_SASL_STARTTLS          = 0x0200,
+               ADS_AUTH_SASL_LDAPS             = 0x0400
         } ads_auth_flags;
  
         const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;
author	Stefan Metzmacher <metze@samba.org>
	Fri, 9 Feb 2024 14:40:00 +0000 (15:40 +0100)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml		patch \| blob \| history
lib/param/param_table.c		patch \| blob \| history
source3/librpc/idl/ads.idl		patch \| blob \| history