r19651: Fix interesting bug with the automatic site coverage in Active Directory:

When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.

Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)

1 files changed, 25 insertions, 1 deletions

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 927b86fe93..5dcc3c33ba 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -139,6 +139,30 @@ BOOL ads_sitename_match(ADS_STRUCT *ads)
 	return False;
 }
 
+/**********************************************
+ Is this the closest DC ?
+**********************************************/
+
+BOOL ads_closest_dc(ADS_STRUCT *ads)
+{
+	if (ads->config.flags & ADS_CLOSEST) {
+		DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag set\n"));
+		return True;
+	}
+
+	/* not sure if this can ever happen */
+	if (ads_sitename_match(ads)) {
+		DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag not set but sites match\n"));
+		return True;
+	}
+
+	DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", 
+		ads->config.ldap_server_name));
+
+	return False;
+}
+
+
 /*
   try a connection to a given ldap server, returning True and setting the servers IP
   in the ads struct if successful
@@ -392,7 +416,7 @@ got_connection:
 	}
 
 	/* cache the successful connection for workgroup and realm */
-	if (ads_sitename_match(ads)) {
+	if (ads_closest_dc(ads)) {
 		saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
 		saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
 	}