From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 16 Apr 2024 02:28:43 +0000 (+1200)
Subject: s4:ldap_server: Consider ldapi connections to be encrypted
X-Git-Tag: samba-4.20.8~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96e60f4f0ea7856514d206d43b1976133b8ce3e9;p=thirdparty%2Fsamba.git

s4:ldap_server: Consider ldapi connections to be encrypted

Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ff8e98daf1c3fd99d4d880ddc2d47eeb0d99718c)
---

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 1a906534a0a..b0369f8119a 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -212,7 +212,7 @@ int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
 	if (opaque_connection_state == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	opaque_connection_state->using_encrypted_connection = using_tls || using_seal;
+	opaque_connection_state->using_encrypted_connection = using_tls || using_seal || conn->is_ldapi;
 	ret = ldb_set_opaque(conn->ldb,
 			     DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME,
 			     opaque_connection_state);