s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 0da49f3858fecee70adb84fb9cc419abd74e1c20..b10b79d14c01a9bc56f9d1f046e89aadaf04c7c4 100644 (file)
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -318,6 +318,13 @@ try_logon_again:
         * context, so we don't tatoo it ) */
        cli_credentials_set_gensec_features(creds, old_gensec_features);
 
+       /*
+        * This is an indication for the NTLMSSP backend to
+        * also encrypt when only GENSEC_FEATURE_SIGN is requested
+        * in gensec_[un]wrap().
+        */
+       gensec_want_feature(conn->gensec, GENSEC_FEATURE_LDAP_STYLE);
+
        if (conn->host) {
                status = gensec_set_target_hostname(conn->gensec, conn->host);
                if (!NT_STATUS_IS_OK(status)) {