s3:libads: let cldap_ping_list() check for a blacklisted server name
author Stefan Metzmacher <metze@samba.org>
Wed, 16 Feb 2022 12:09:14 +0000 (13:09 +0100)
committer Stefan Metzmacher <metze@samba.org>
Mon, 16 Oct 2023 08:23:19 +0000 (10:23 +0200)
If we blacklisted a server we should not use it even if
it responds to CLDAP requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/libads/ldap.c

index 5c497637044df6f0781ce78ae6d0731b489a7933..fe904e49a8bad9d4bd5b710061a9024bce336784 100644 (file)
@@ -406,7 +406,17 @@ static NTSTATUS cldap_ping_list(ADS_STRUCT *ads,
                ok = ads_try_connect(ads, false, &sa_list[i].u.ss);
 
                if (ok) {
-                       return NT_STATUS_OK;
+                       NTSTATUS status;
+
+                       status = check_negative_conn_cache(domain,
+                                       ads->config.ldap_server_name);
+                       if (NT_STATUS_IS_OK(status)) {
+                               /*
+                                * only use the server if it's not black listed
+                                * by name
+                                */
+                               return NT_STATUS_OK;
+                       }
                }
 
                /* keep track of failures */
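
Review bot: In the new if (ok) branch, a non-OK result from check_negative_conn_cache() is dropped silently and control falls through to the "keep track of failures" path, so a server that answered the CLDAP ping but was rejected by its name-based negative cache entry looks the same in the logs as one that never answered. Consider logging ads->config.ldap_server_name together with the returned status at that point, so the skip can be told apart from a real connect failure when debugging DC selection. Since ads_try_connect() has evidently already filled ads->config.ldap_server_name for the rejected server, it is also worth confirming that this state is not left behind for the caller if no later sa_list entry succeeds.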