From 96e60f4f0ea7856514d206d43b1976133b8ce3e9 Mon Sep 17 00:00:00 2001
From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 16 Apr 2024 14:28:43 +1200
Subject: [PATCH] s4:ldap_server: Consider ldapi connections to be encrypted

Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ff8e98daf1c3fd99d4d880ddc2d47eeb0d99718c)
---
 source4/ldap_server/ldap_backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 1a906534a0a..b0369f8119a 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -212,7 +212,7 @@ int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
 	if (opaque_connection_state == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	opaque_connection_state->using_encrypted_connection = using_tls || using_seal;
+	opaque_connection_state->using_encrypted_connection = using_tls || using_seal || conn->is_ldapi;
 	ret = ldb_set_opaque(conn->ldb,
 			     DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME,
 			     opaque_connection_state);
-- 
2.47.2