mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
9827055be3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
29 lines
2.5 KiB
Plaintext
29 lines
2.5 KiB
Plaintext
#
|
|
## We assert all "ldap server require strong auth" combinations
|
|
#
|
|
^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_without_tls_channel_bindings
|
|
^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes
|
|
# fl2003dc has ldap server require strong auth = yes
|
|
# and correct channel bindings are required for TLS
|
|
^samba4.ldb.simple.ldaps.*SASL-BIND.*ldap_testing:tls_channel_bindings=no.*fl2003dc
|
|
^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:tls_channel_bindings=no.*fl2003dc
|
|
# ad_dc_ntvfs and fl2008r2dc have
|
|
# ldap server require strong auth = allow_sasl_without_tls_channel_bindings
|
|
# it means correct channel bindings are required, if the client indicated
|
|
# explicit (even null) channel bindings are provided
|
|
#
|
|
# The following are in expectedfail_heimdal for now, as MIT
|
|
# behaves differently:
|
|
#^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
|
|
#^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
|
|
#^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
|
|
#^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
|
|
^samba4.ldb.simple.ldaps.with.SASL-BIND.*ldap_testing:channel_bound=yes.*ldap_testing:forced_channel_binding=wRoNg
|
|
^samba4.ldb.simple.ldaps.with.SASL-BIND.*ldap_testing:channel_bound=no.*ldap_testing:forced_channel_binding=wRoNg
|
|
^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:channel_bound=yes.*ldap_testing:forced_channel_binding=wRoNg
|
|
^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:channel_bound=no.*ldap_testing:forced_channel_binding=wRoNg
|
|
^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
|
|
^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
|
|
^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
|
|
^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
|