BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
<para>A value of <emphasis>yes</emphasis> allows only simple binds
over TLS encrypted connections. Unencrypted connections only
allow sasl binds with sign or seal.</para>
-
- <para>Note the default will change to <constant>yes</constant> with Samba 4.5.</para>
</description>
-<value type="default">no</value>
+<value type="default">yes</value>
</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
- lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "no");
+ lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");
Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
Globals.ldap_server_require_strong_auth =
- LDAP_SERVER_REQUIRE_STRONG_AUTH_NO;
+ LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
/* This is what we tell the afs client. in reality we set the token
* to never expire, though, when this runs out the afs client will