summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-09-16 09:39:12 -0700
committerNadezhda Ivanova <nivanova@samba.org>2013-09-17 01:41:41 +0200
commit4dacaef2eae46a8d5d4729c8a607b9d928c70c25 (patch)
tree488b362d5334cf50af2f90cdc80fbce96dd8adf6
parent3f464ca1f5672491edf5daf15389cf7f2dc68e2b (diff)
downloadsamba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.tar.gz
samba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.tar.bz2
samba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.zip
dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
-rw-r--r--python/samba/provision/backend.py2
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba_dsdb.c1
2 files changed, 3 insertions, 0 deletions
diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py
index 3fe947fdbe..b50055de9f 100644
--- a/python/samba/provision/backend.py
+++ b/python/samba/provision/backend.py
@@ -255,6 +255,7 @@ class LDAPBackend(ProvisionBackend):
# Kerberos to an ldapi:// backend makes no sense
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.credentials.set_password(self.ldapadminpass)
+ self.credentials.set_forced_sasl_mech("DIGEST-MD5")
self.secrets_credentials = Credentials()
self.secrets_credentials.guess(self.lp)
@@ -262,6 +263,7 @@ class LDAPBackend(ProvisionBackend):
self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.secrets_credentials.set_username("samba-admin")
self.secrets_credentials.set_password(self.ldapadminpass)
+ self.secrets_credentials.set_forced_sasl_mech("DIGEST-MD5")
self.provision()
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index ac993db4d7..cde53bc9ce 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -157,6 +157,7 @@ static int set_ldap_credentials(struct ldb_context *ldb)
return ldb_oom(ldb);
}
cli_credentials_set_anonymous(cred);
+ cli_credentials_set_forced_sasl_mech(cred, "DIGEST-MD5");
/*
* We don't want to use krb5 to talk to our samdb - recursion