The default value is <emphasis>seal</emphasis>. That implies synchronizing the time
with the KDC in the case of using <emphasis>Kerberos</emphasis>.
</para>
+
+ <para>In order to force using LDAP (on port 389) with STARTTLS
+ or LDAPS (on port 636), it is possible to use <emphasis>starttls</emphasis>
+ or <emphasis>ldaps</emphasis>. In that case the NTLMSSP or Kerberos
+ authentication using the TLS channel bindings in order to glue
+ it to the connection.</para>
+
</description>
<value type="default">seal</value>
</samba:parameter>
{0, "plain"},
{ADS_AUTH_SASL_SIGN, "sign"},
{ADS_AUTH_SASL_SEAL, "seal"},
+ {ADS_AUTH_SASL_STARTTLS, "starttls"},
+ {ADS_AUTH_SASL_LDAPS, "ldaps"},
{-1, NULL}
};
ADS_AUTH_SASL_SIGN = 0x0020,
ADS_AUTH_SASL_SEAL = 0x0040,
ADS_AUTH_SASL_FORCE = 0x0080,
- ADS_AUTH_USER_CREDS = 0x0100
+ ADS_AUTH_USER_CREDS = 0x0100,
+ ADS_AUTH_SASL_STARTTLS = 0x0200,
+ ADS_AUTH_SASL_LDAPS = 0x0400
} ads_auth_flags;
const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;