ads: set sasl-wrapping to plain when over TLS
author Isaac Boukris <iboukris@gmail.com>
Thu, 2 Jul 2020 07:33:12 +0000 (09:33 +0200)
committer Isaac Boukris <iboukris@sn-devel-184>
Mon, 13 Jul 2020 10:41:38 +0000 (10:41 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
WHATSNEW.txt
selftest/knownfail.d/net_ads_tls [deleted file]
source3/libads/ldap.c

index 219afb712c8b1d38592e4f3647e02b8b99d1d9eb..e7b46a7b15960a54bec4098b84c023a52e92f79f 100644 (file)
@@ -22,6 +22,11 @@ The "ldap ssl ads" option no longer depends on "ldap ssl" option:
 With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
 is off.
 
+The "ldap ssl ads" no longer requires sasl-wrapping to be set to plain:
+-----------------------------------------------------------------------
+This is now done implicitly when over TLS, so "client ldap sasl wrapping"
+does not need to be set to "plain" in order for it to work.
+
 
 REMOVED FEATURES
 ================
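Review bot: The new WHATSNEW entry does not say what happens to an explicitly configured "client ldap sasl wrapping" value. It only says the option "does not need to be set to plain"; consider stating that a sign or seal setting is overridden to plain for ADS connections over TLS, so administrators who set that option deliberately know it no longer applies there. The heading would also read better as 'The "ldap ssl ads" option no longer requires ...', matching the wording of the preceding entry.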
diff --git a/selftest/knownfail.d/net_ads_tls b/selftest/knownfail.d/net_ads_tls
deleted file mode 100644 (file)
index 251c948..0000000
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.net_ads_tls
index 099a6a2ee1d07df4d016ef4ac6ff0fd43b4e268b..1ffe96d32c933872343686251fc2635cbd7c68b8 100755 (executable)
@@ -707,6 +707,10 @@ got_connection:
                if (!ADS_ERR_OK(status)) {
                        goto out;
                }
+               if (!ads_set_sasl_wrap_flags(ads, 0)) {
+                       status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+                       goto out;
+               }
        }
 
        /* fill in the current time and offsets */
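Review bot: The bare 0 in ads_set_sasl_wrap_flags(ads, 0) needs a comment (or a named constant) saying that it selects plain wrapping because the connection is already under TLS; as written, the reader has to go to the commit message to learn that. The condition that opens this block is outside the hunk's context, so please confirm the call is reachable only after TLS setup has succeeded, since otherwise SASL wrapping would be dropped on an unprotected connection. LDAP_OPERATIONS_ERROR is also a generic status for what is a local setup failure; a debug message before "goto out" would make it diagnosable.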