That's better then using !ADS_AUTH_NO_BIND. And it allows callers
to be more flexible in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
* In case of LDAP we use get_dc_name() as that
* creates the custom krb5.conf file
*/
- if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ if (ads->auth.flags & ADS_AUTH_GENERATE_KRB5_CONFIG) {
fstring srv_name;
struct sockaddr_storage ip_out;
SMB_ASSERT(cli_credentials_is_anonymous(creds));
}
+ if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ ads->auth.flags |= ADS_AUTH_GENERATE_KRB5_CONFIG;
+ }
+
/*
* ads_connect can be passed in a reused ADS_STRUCT
* with an existing non-zero ads->ldap.ss IP address
ADS_AUTH_SASL_FORCE = 0x0080,
ADS_AUTH_USER_CREDS = 0x0100,
ADS_AUTH_SASL_STARTTLS = 0x0200,
- ADS_AUTH_SASL_LDAPS = 0x0400
+ ADS_AUTH_SASL_LDAPS = 0x0400,
+ ADS_AUTH_GENERATE_KRB5_CONFIG = 0x0800
} ads_auth_flags;
const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;