summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap/ldap_bind.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli/ldap/ldap_bind.c')
-rw-r--r--source4/libcli/ldap/ldap_bind.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index cacb0d150e..585bdbb234 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
+#include "lib/tls/tls.h"
#include "auth/auth.h"
static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn,
@@ -173,7 +174,11 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
goto failed;
}
- gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ /* require Kerberos SIGN/SEAL only if we don't use SSL
+ * Windows seem not to like double encryption */
+ if (conn->tls == NULL || (! tls_enabled(conn->tls))) {
+ gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ }
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
generated by cgit (git 2.34.1) at 2024-11-11 22:58:40 +0000