r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5

[garming/samba-autobuild/.git] / source4 / ldap_server / ldap_bind.c

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index e9d38ad93b0d023785f95332d087b66250aab0a4..7a296d01ac1b54b6c0a32e7b18c4b2f46e47e967 100644 (file)
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -63,6 +63,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
        DEBUG(10, ("BindSASL dn: %s\n",req->dn));
 
        if (!call->conn->gensec) {
+               struct cli_credentials *server_credentials;
                call->conn->session_info = NULL;
 
                status = gensec_server_start(call->conn, &call->conn->gensec,
@@ -74,6 +75,23 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                
                gensec_set_target_service(call->conn->gensec, "ldap");
 
+               server_credentials 
+                       = cli_credentials_init(call);
+               if (!server_credentials) {
+                       DEBUG(1, ("Failed to init server credentials\n"));
+                       return NT_STATUS_NO_MEMORY;
+               }
+               
+               cli_credentials_set_conf(server_credentials);
+               status = cli_credentials_set_machine_account(server_credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
+                       talloc_free(server_credentials);
+                       server_credentials = NULL;
+               }
+               
+               gensec_set_credentials(call->conn->gensec, server_credentials);
+
                gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
                gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
                gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_ASYNC_REPLIES);