Comment 0 for bug 1893784

Andreas Hasenack (ahasenack) wrote : Apply some useful unreleased fixes

We should cherry-pick these fixes:

a) Use GSS-SPNEGO if available

Currently adcli uses the GSSAPI SASL mechanism for LDAP authentication
and to establish encryption. While this works in general it does not
handle some of the more advanced features which can be required by AD
DCs.

The GSS-SPNEGO mechanism can handle them and is used with this patch by
adcli if the AD DC indicates that it supports it.

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420
https://gitlab.freedesktop.org/realmd/adcli/commit/a6f795ba3d6048b32d7863468688bf7f42b2cafd

b) add option use-ldaps

In general using the LDAP port with GSS-SPNEGO should satisfy all
requirements an AD DC should have for authentication on an encrypted
LDAP connection.

But if e.g. the LDAP port is blocked by a firewall using the LDAPS port
with TLS encryption might be an alternative. For this use case the
--use-ldaps option is added.

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420
https://gitlab.freedesktop.org/realmd/adcli/-/commit/85097245b57f190337225dbdbf6e33b58616c092
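The two decisions described in (a) and (b), choosing GSS-SPNEGO over GSSAPI when the DC advertises it and switching to the LDAPS port when `--use-ldaps` is requested, as an added Python illustration. This is not adcli's own code: the rootDSE LDIF excerpt is constructed, the function names are the example's own, and the port numbers are the standard LDAP/LDAPS defaults rather than anything taken from the commits.

```python
"""Decide SASL mechanism and LDAP URI from what a DC advertises in its rootDSE."""
from typing import Dict, List

# Constructed rootDSE excerpt in LDIF form (illustrative, not captured from a real DC).
SAMPLE_ROOTDSE_LDIF = """\
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: dc1.example.test
"""


def parse_ldif_attributes(ldif: str) -> Dict[str, List[str]]:
    """Minimal LDIF parser for a single entry; multi-valued attributes keep their order."""
    attrs: Dict[str, List[str]] = {}
    for raw in ldif.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def choose_sasl_mechanism(supported: List[str]) -> str:
    """Prefer GSS-SPNEGO when the DC advertises it, otherwise fall back to plain GSSAPI."""
    if "GSS-SPNEGO" in supported:
        return "GSS-SPNEGO"
    if "GSSAPI" in supported:
        return "GSSAPI"
    raise ValueError("DC advertises neither GSS-SPNEGO nor GSSAPI; Kerberos bind not possible")


def build_ldap_uri(host: str, use_ldaps: bool) -> str:
    """With use_ldaps, talk TLS on the LDAPS port (636); otherwise use the LDAP port (389)
    and rely on the SASL layer for encryption, as the first change describes."""
    return f"ldaps://{host}:636" if use_ldaps else f"ldap://{host}:389"


def plan_bind(ldif: str, use_ldaps: bool = False) -> Dict[str, str]:
    """Combine both decisions into the URI and mechanism a client would bind with."""
    attrs = parse_ldif_attributes(ldif)
    host = attrs.get("dnsHostName", ["unknown"])[0]
    return {
        "uri": build_ldap_uri(host, use_ldaps),
        "mechanism": choose_sasl_mechanism(attrs.get("supportedSASLMechanisms", [])),
    }


if __name__ == "__main__":
    print(plan_bind(SAMPLE_ROOTDSE_LDIF))
    print(plan_bind(SAMPLE_ROOTDSE_LDIF, use_ldaps=True))
```

Reading `supportedSASLMechanisms` from the rootDSE is how a client learns what the DC will accept; if a firewall blocks the LDAP port, the `use_ldaps=True` path mirrors the second change and moves the connection to the TLS port instead of relying on SASL-negotiated encryption.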