diff options
author | Isaac Boukris <iboukris@gmail.com> | 2020-07-02 09:33:12 +0200 |
---|---|---|
committer | Isaac Boukris <iboukris@sn-devel-184> | 2020-07-13 10:41:38 +0000 |
commit | 39b293c2d0bb64f11f63a41fbbc5031e5a2922e2 (patch) | |
tree | 9d15b920070f40f2357173163874e067bce8249a | |
parent | b3af1d334d6159dca75c2a74e7c6f909952c31af (diff) | |
download | samba-39b293c2d0bb64f11f63a41fbbc5031e5a2922e2.tar.gz |
ads: set sasl-wrapping to plain when over TLS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | WHATSNEW.txt | 5 | ||||
-rw-r--r-- | selftest/knownfail.d/net_ads_tls | 1 | ||||
-rwxr-xr-x | source3/libads/ldap.c | 4 |
3 files changed, 9 insertions, 1 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 219afb712c8..e7b46a7b159 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -22,6 +22,11 @@ The "ldap ssl ads" option no longer depends on "ldap ssl" option: With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl" is off. +The "ldap ssl ads" no longer requires sasl-wrapping to be set to plain: +----------------------------------------------------------------------- +This is now done implicitly when over TLS, so "client ldap sasl wrapping" +does not need to be set to "plain" in order for it to work. + REMOVED FEATURES ================ diff --git a/selftest/knownfail.d/net_ads_tls b/selftest/knownfail.d/net_ads_tls deleted file mode 100644 index 251c948b6a9..00000000000 --- a/selftest/knownfail.d/net_ads_tls +++ /dev/null @@ -1 +0,0 @@ -^samba4.blackbox.net_ads_tls diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 099a6a2ee1d..1ffe96d32c9 100755 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -707,6 +707,10 @@ got_connection: if (!ADS_ERR_OK(status)) { goto out; } + if (!ads_set_sasl_wrap_flags(ads, 0)) { + status = ADS_ERROR(LDAP_OPERATIONS_ERROR); + goto out; + } } /* fill in the current time and offsets */ |