|
|
On Thu, 2006-05-11 at 06:54 -0700, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jim McDonough wrote:
>
> > Phew, it's been a while, but I think we did, after fiddling around with
> > the security settings. CLDAP is inherently anonymous, so you can't
> > authenticate. It's just a matter of what is allowed anonymously. I don't
> > recall if it was just a matter of setting ACLS on an RDN or if we had to
> > do something with security policies or registry.
>
> You can create the cldap calls from win32 really easily.
> There's a cldap_open() Win32 api call that returns an LDAP*
> which can be used with ldap_search_s(). That how I toyed
> with the rootDSE stuff.
>
> My goal was to get the currentTime attribute via CLDAP and avoid
> the TCP session in ads_connect(). One of the guys at work mentioned
> that the udp ldap pings would take arbitrary search filters.
What will you be making the eventual connection with? Don't we also
have the current server time in the negprot reply?
That said, I support the better use of CLDAP for DC discovery etc. I
think it will be a useful feature.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
|
|