# HG changeset patch
# User Aurelien Campeas <aurelien.campeas@logilab.fr>
# Date 1340188257 -7200
# Node ID 2646a8e99b0d285f09c8435fef83f5d634ac9679
# Parent  444a8e25c940e76aa3f3409d8d699362461e05f7
[ldap] allow working connection to some ADs (closes #2408829)

diff -r 444a8e25c940 -r 2646a8e99b0d server/ldaputils.py
--- a/server/ldaputils.py	Wed Jul 18 17:26:59 2012 +0200
+++ b/server/ldaputils.py	Wed Jun 20 12:30:57 2012 +0200
@@ -250,10 +250,11 @@
         except ldap.LDAPError: # Invalid protocol version, fall back safely
             conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)
         # Deny auto-chasing of referrals to be safe, we handle them instead
-        #try:
-        #    connection.set_option(ldap.OPT_REFERRALS, 0)
-        #except ldap.LDAPError: # Cannot set referrals, so do nothing
-        #    pass
+        # Required for AD
+        try:
+           conn.set_option(ldap.OPT_REFERRALS, 0)
+        except ldap.LDAPError: # Cannot set referrals, so do nothing
+           pass
         #conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)
         #conn.timeout = op_timeout
         # Now bind with the credentials given. Let exceptions propagate out.