test ldap sign/seal

diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 5e6a5faafa42d8ae8f32973df80172b408bec4ac..5c0b1b4ac78fc1614ea88f5d033e4c9b8622c13a 100644 (file)
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -238,6 +238,12 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
                cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
        }
 
+       cli_credentials_set_gensec_features(creds,
+       (old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL)) & GENSEC_FEATURE_SIGN);
+
+/*     cli_credentials_set_gensec_features(creds,
+       (old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL)) & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
+*/
        /* this call also sets the gensec_want_features */
        status = gensec_set_credentials(conn->gensec, creds);
        if (!NT_STATUS_IS_OK(status)) {
@@ -246,6 +252,9 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
                goto failed;
        }
 
+       gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN);
+       //gensec_want_feature(conn->gensec, GENSEC_FEATURE_SEAL);
+
        /* reset the original gensec_features (on the credentials
         * context, so we don't tatoo it ) */
        cli_credentials_set_gensec_features(creds, old_gensec_features);