CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"

[samba.git] / lib / param / loadparm.c

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 696c2d679905ccb42128ae6126dc3c4a3ac21b97..5c9f6a1114d286f038edff5b7c5e03b24956a5cf 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2674,6 +2674,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "21600");
 
        lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True");
+       lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "as_strict_as_possible");
        lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
@@ -2810,6 +2811,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
 
+       lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
+
        lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");
 
        lpcfg_do_global_parameter(lp_ctx, "machine password timeout", "604800");