https://bugs.winehq.org/show_bug.cgi?id=50545
--- Comment #23 from Hans Leidekker hans@meelstraat.net --- (In reply to Damjan Jovanovic from comment #22)
I discovered some LDAP bugs on my side, which may or may not relate to this.
The 1st problem, bug 50572, is that ldap_bind_sW() supplies the authorization name instead of the authentication name. This will break 100% of all WLDAP32_LDAP_AUTH_NEGOTIATE logins, as my examples there show. A patch, linked there, was just submitted.
The callbacks depend on the authentication scheme. For GSSAPI SASL_CB_USER is called and the result is used to retrieve a kerberos ticket.
The 2nd problem for me is that the username format is "domain\username", which always fails - my AD server wants "username" by itself. I am not yet sure where that's coming from but it should be an easy fix; when hacked by hardcoding the username in the above patch, it gets further.
This may also depend on the authentication scheme.