On Tue May 13 18:54:00 2025 +0000, Hans Leidekker wrote:
I'm not sure about that. There's the LDAP_OPT_SSPI_FLAGS as you mention in your patch and it could be that we're supposed to build the REQ flags from it and return the RET flags for it.
I've added a test
``` flags = 0; ret = ldap_get_option(ld, LDAP_OPT_SSPI_FLAGS, &flags); ok(!ret, "ldap_get_option error %#x\n", ret); ok(flags == (ISC_REQ_MUTUAL_AUTH | ISC_REQ_EXTENDED_ERROR), "got SSPI flags %08lx\n", flags); ```
I'll see if just requesting these flags work for LDAP over Kerberos. Hans, could you please test them with NTLM and report back?