From 4f5791ebd03eaec1c7da0865a383175b05102712 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 May 2024 19:47:29 +0200 Subject: Adding upstream version 2:4.17.12+dfsg. Signed-off-by: Daniel Baumann --- .../smbdotconf/ldap/clientldapsaslwrapping.xml | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml (limited to 'docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml') diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml new file mode 100644 index 0000000..21bd209 --- /dev/null +++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml @@ -0,0 +1,41 @@ + + + + The defines whether + ldap traffic will be signed or signed and encrypted (sealed). + Possible values are plain, sign + and seal. + + + + The values sign and seal are + only available if Samba has been compiled against a modern + OpenLDAP version (2.3.x or higher). + + + + This option is needed firstly to secure the privacy of + administrative connections from samba-tool, + including in particular new or reset passwords for users. For + this reason the default is seal. + + Additionally, winbindd and the + net tool can use LDAP to communicate with + Domain Controllers, so this option also controls the level of + privacy for those connections. All supported AD DC versions + will enforce the usage of at least signed LDAP connections by + default, so a value of at least sign is + required in practice. + + + + The default value is seal. That implies synchronizing the time + with the KDC in the case of using Kerberos. + + +seal + -- cgit v1.2.3
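Review bot: The second paragraph of the new clientldapsaslwrapping.xml does not say what the client does when the default seal is in effect on a build without the OpenLDAP 2.3.x support it names as a prerequisite for sign and seal. Please state whether the connection is refused or proceeds as plain, because the third paragraph justifies the seal default by the need to protect new or reset passwords sent by samba-tool, and a reader cannot tell from this text whether that protection holds on such a build. The default is also stated twice ("For this reason the default is seal" and "The default value is seal"); keep one statement and attach the KDC time synchronization remark to it, with a sentence on why sealing implies synchronized clocks when Kerberos is used. Finally, the paragraph on winbindd and net says a value of at least sign is "required in practice" but not what an administrator sees when plain is set against a DC that enforces signing; naming the resulting failure would make a misconfiguration easier to diagnose.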