From d65a0335e5cb947dc527d62eccf7c2a3cdbcc788 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 28 Sep 2022 09:43:25 +0200
Subject: dirmngr: New server flag "areconly" (A-record-only)

* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
--

This flag is used to pass the Windows specific option
LDAP_OPT_AREC_EXCLUSIVE.  It is ignored on other systems.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/ldapserver.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'dirmngr/ldapserver.c')

diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 4ef28431c..14f87efb1 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -64,6 +64,7 @@ ldapserver_list_free (ldap_server_t servers)
  *   plain     := Switch to plain unsecured LDAP.
  *   (The last of these 3 flags is the effective one)
  *   ntds      := Use Active Directory authentication
+ *   areconly  := Use option LDAP_OPT_AREC_EXCLUSIVE
  *
  * FILENAME and LINENO are used for diagnostic purposes only.
  */
@@ -175,6 +176,10 @@ ldapserver_parse_one (char *line,
                   {
                     server->ntds = 1;
                   }
+                else if (!ascii_strcasecmp (s, "areconly"))
+                  {
+                    server->areconly = 1;
+                  }
                 else
                   {
                     if (filename)
-- 
cgit v1.2.3