https://bugs.winehq.org/show_bug.cgi?id=55304
--- Comment #7 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to Hans Leidekker from comment #6)
Also note that your changes to sasl_decode() and sasl_encode() break NTLM.
Do you have a sample code that breaks that could be used for testing purposes?
I modified the wldap32 test to connect to an AD LDAP server and hacked the Kerberos dll to return an error so that Negotiate falls back to NTLM. Essentially it's this:
ldap_bind_sA( ld, NULL, (char *)&auth_id, LDAP_AUTH_NEGOTIATE );
According to my testing with the attached patchset and WINEDEBUG=+libldap simply connecting with ldap_search_s(LDAP_AUTH_NEGOTIATE) doesn't involve SASL plugin encoding/decoding, but ldap_search_s("defaultNamingContext") after the connection does, that's why I've added a test with ldap_search_s().