ads: set sasl-wrapping to plain when over TLS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

3 files changed, 9 insertions, 1 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 219afb712c8..e7b46a7b159 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -22,6 +22,11 @@ The "ldap ssl ads" option no longer depends on "ldap ssl" option:
 With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
 is off.
 
+The "ldap ssl ads" no longer requires sasl-wrapping to be set to plain:
+-----------------------------------------------------------------------
+This is now done implicitly when over TLS, so "client ldap sasl wrapping"
+does not need to be set to "plain" in order for it to work.
+
 
 REMOVED FEATURES
 ================
diff --git a/selftest/knownfail.d/net_ads_tls b/selftest/knownfail.d/net_ads_tls
deleted file mode 100644
index 251c948b6a9..00000000000
--- a/selftest/knownfail.d/net_ads_tls
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.net_ads_tls
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 099a6a2ee1d..1ffe96d32c9 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -707,6 +707,10 @@ got_connection:
 		if (!ADS_ERR_OK(status)) {
 			goto out;
 		}
+		if (!ads_set_sasl_wrap_flags(ads, 0)) {
+			status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+			goto out;
+		}
 	}
 
 	/* fill in the current time and offsets */