From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 10 Aug 2020 10:15:26 +0000 (+0200)
Subject: Remove depracated "ldap ssl ads" smb.conf option
X-Git-Tag: talloc-2.3.2~882
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32eb7f3966703582f2f8f2c75b2f960c5e4eb492;p=thirdparty%2Fsamba.git

Remove depracated "ldap ssl ads" smb.conf option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Aug 11 10:53:05 UTC 2020 on sn-devel-184
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f76aa4e79a0..206ee6ad20d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,17 +17,6 @@ NEW FEATURES/CHANGES
 ====================
 
 
-The "ldap ssl ads" option no longer depends on "ldap ssl" option:
------------------------------------------------------------------
-With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
-is off.
-
-The "ldap ssl ads" no longer requires sasl-wrapping to be set to plain:
------------------------------------------------------------------------
-This is now done implicitly when over TLS, so "client ldap sasl wrapping"
-does not need to be set to "plain" in order for it to work.
-
-
 CTDB CHANGES
 ============
 
@@ -44,12 +33,14 @@ CTDB CHANGES
 REMOVED FEATURES
 ================
 
+The deprecated "ldap ssl ads" smb.conf option has been removed.
 
 smb.conf changes
 ================
 
   Parameter Name                     Description                Default
   --------------                     -----------                -------
+  ldap ssl ads                       removed
 
 
 
diff --git a/docs-xml/smbdotconf/ldap/ldapsslads.xml b/docs-xml/smbdotconf/ldap/ldapsslads.xml
deleted file mode 100644
index f99afe5bbad..00000000000
--- a/docs-xml/smbdotconf/ldap/ldapsslads.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<samba:parameter name="ldap ssl ads"
-                 context="G"
-                 type="boolean"
-		 deprecated="1"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-	<para>This option is used to define whether or not Samba should
-	use SSL when connecting to the ldap server using
-	<emphasis>ads</emphasis> methods.
-	Rpc methods are not affected by this parameter.
-	</para>
-
-	<para>See also <smbconfoption name="ldap ssl"/>.
-	</para>
-
-</description>
-<value type="default">no</value>
-</samba:parameter>
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index d431156912f..ee4628a09a2 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -704,17 +704,6 @@ got_connection:
 
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
-	if ( lp_ldap_ssl_ads() ) {
-		status = ADS_ERROR(smbldap_start_tls_start(ads->ldap.ld, version));
-		if (!ADS_ERR_OK(status)) {
-			goto out;
-		}
-		if (!ads_set_sasl_wrap_flags(ads, 0)) {
-			status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
-			goto out;
-		}
-	}
-
 	/* fill in the current time and offsets */
 
 	status = ads_current_time( ads );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ebe120433ee..73f7c065e09 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -740,7 +740,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
 	lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
 	Globals.ldap_ssl = LDAP_SSL_START_TLS;
-	Globals.ldap_ssl_ads = false;
 	Globals.ldap_deref = -1;
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = false;