1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

dsdb: Use credentials.get_forced_sasl_mech()

This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2013-09-16 09:39:12 -07:00 committed by Nadezhda Ivanova
parent 3f464ca1f5
commit 4dacaef2ea
2 changed files with 3 additions and 0 deletions

View File

@ -255,6 +255,7 @@ class LDAPBackend(ProvisionBackend):
# Kerberos to an ldapi:// backend makes no sense
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.credentials.set_password(self.ldapadminpass)
self.credentials.set_forced_sasl_mech("DIGEST-MD5")
self.secrets_credentials = Credentials()
self.secrets_credentials.guess(self.lp)
@ -262,6 +263,7 @@ class LDAPBackend(ProvisionBackend):
self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.secrets_credentials.set_username("samba-admin")
self.secrets_credentials.set_password(self.ldapadminpass)
self.secrets_credentials.set_forced_sasl_mech("DIGEST-MD5")
self.provision()

View File

@ -157,6 +157,7 @@ static int set_ldap_credentials(struct ldb_context *ldb)
return ldb_oom(ldb);
}
cli_credentials_set_anonymous(cred);
cli_credentials_set_forced_sasl_mech(cred, "DIGEST-MD5");
/*
* We don't want to use krb5 to talk to our samdb - recursion