From: Michael Adam <obnox@samba.org>
Date: Thu, 29 Jan 2009 12:04:01 +0000 (+0100)
Subject: s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
X-Git-Tag: samba-4.0.0alpha7~417^2~289
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27408de5337afe2e17378a09e9865c62c7b4862b;p=thirdparty%2Fsamba.git

s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested

This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with  ads.

Michael
---

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index f6da54f35ba..bb2b58e2372 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -672,9 +672,11 @@ got_connection:
 
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
-	status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
-	if (!ADS_ERR_OK(status)) {
-		goto out;
+	if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
+		status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+		if (!ADS_ERR_OK(status)) {
+			goto out;
+		}
 	}
 
 	/* fill in the current time and offsets */