s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case

We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.

For CLDAP we need to use get_sorted_dc_list() to avoid recursion.

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)

1 files changed, 25 insertions, 1 deletions

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 932e42e076..31feea50c7 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -310,11 +310,35 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 
 	realm = c_realm;
 
+	/*
+	 * In case of LDAP we use get_dc_name() as that
+	 * creates the custom krb5.conf file
+	 */
+	if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+		fstring srv_name;
+		struct sockaddr_storage ip_out;
+
+		DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+			(got_realm ? "realm" : "domain"), realm));
+
+		if (get_dc_name(realm, realm, srv_name, &ip_out)) {
+			/*
+			 * we call ads_try_connect() to fill in the
+			 * ads->config details
+			 */
+			if (ads_try_connect(ads, srv_name, false)) {
+				return NT_STATUS_OK;
+			}
+		}
+
+		return NT_STATUS_NO_LOGON_SERVERS;
+	}
+
 	sitename = sitename_fetch(realm);
 
  again:
 
-	DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+	DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
 		(got_realm ? "realm" : "domain"), realm));
 
 	status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);