s3:libads: add ADS_AUTH_GENERATE_KRB5_CONFIG to generate a custom krb5.conf

That's better then using !ADS_AUTH_NO_BIND. And it allows callers
to be more flexible in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 26e3107c0420a2a484283e427270ab8b7f6c8ca9..a330b9dd7c9cc3a2c01ed7c9fc03a5781108bc96 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -731,7 +731,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
         * In case of LDAP we use get_dc_name() as that
         * creates the custom krb5.conf file
         */
-       if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+       if (ads->auth.flags & ADS_AUTH_GENERATE_KRB5_CONFIG) {
                fstring srv_name;
                struct sockaddr_storage ip_out;
 
@@ -842,6 +842,10 @@ static ADS_STATUS ads_connect_internal(ADS_STRUCT *ads,
                SMB_ASSERT(cli_credentials_is_anonymous(creds));
        }
 
+       if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+               ads->auth.flags |= ADS_AUTH_GENERATE_KRB5_CONFIG;
+       }
+
        /*
         * ads_connect can be passed in a reused ADS_STRUCT
         * with an existing non-zero ads->ldap.ss IP address

diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
index d4e00e2c7bc7df65d384bc25c7123ef43dc6dbe8..0cadea7e5ae5daab4dfe7fc35a38fb582d5256e1 100644 (file)
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -31,7 +31,8 @@ interface ads
                ADS_AUTH_SASL_FORCE             = 0x0080,
                ADS_AUTH_USER_CREDS             = 0x0100,
                ADS_AUTH_SASL_STARTTLS          = 0x0200,
-               ADS_AUTH_SASL_LDAPS             = 0x0400
+               ADS_AUTH_SASL_LDAPS             = 0x0400,
+               ADS_AUTH_GENERATE_KRB5_CONFIG   = 0x0800
        } ads_auth_flags;
 
        const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;