From d65a0335e5cb947dc527d62eccf7c2a3cdbcc788 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 28 Sep 2022 09:43:25 +0200
Subject: dirmngr: New server flag "areconly" (A-record-only)

* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
--

This flag is used to pass the Windows specific option
LDAP_OPT_AREC_EXCLUSIVE.  It is ignored on other systems.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 doc/dirmngr.texi | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'doc/dirmngr.texi')

diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 6c1c59b82..aaa30ec50 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -484,6 +484,9 @@ Tunnel LDAP through a TLS connection; the default port is 636.
 @item ntds
 On Windows authenticate the LDAP connection using the Active Directory
 with the current user.
+@item areconly
+On Windows use only the A or AAAA record when resolving the LDAP
+server name.
 @end table
 
 Note that in an URL style specification the scheme @code{ldaps://}
-- 
cgit v1.2.3