From a08154cff83161f1bd9667dc01cee554093b5763 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Fri, 28 Apr 2023 17:20:46 +0200 Subject: [PATCH] enable tls unless kerberos is used (SASL GSS-API doesn't seem to work over TLS) --- src/ldaptool/search/_search.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ldaptool/search/_search.py b/src/ldaptool/search/_search.py index 5a423b1..124f1f5 100644 --- a/src/ldaptool/search/_search.py +++ b/src/ldaptool/search/_search.py @@ -21,7 +21,7 @@ def search(*, config: Config, arguments: Arguments) -> typing.Iterable[Result]: if not arguments.base: arguments.base = realm.default_base(gc=arguments.gc) - ldap_con = ldap.initialize(realm.ldap_uri(gc=arguments.gc, tls=False, server=arguments.server)) + ldap_con = ldap.initialize(realm.ldap_uri(gc=arguments.gc, tls=not arguments.krb, server=arguments.server)) ldap_con.set_option(ldap.OPT_REFERRALS, 0) if arguments.krb: ldap_con.sasl_gssapi_bind_s()