AD: Fix defaults for krb5_canonicalize

The AD provider cannot function with canonicalization because of
a bug in Active Directory rendering it unable to complete a
password-change while canonicalization is enabled.

1 files changed, 2 insertions, 2 deletions

diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 9f950a803..0d957bcd4 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -83,7 +83,7 @@ struct dp_option ad_def_ldap_opts[] = {
     /* use the same parm name as the krb5 module so we set it only once */
     { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_TRUE },
+    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
     { "ldap_referrals", DP_OPT_BOOL, BOOL_FALSE, BOOL_TRUE },
     { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
@@ -134,7 +134,7 @@ struct dp_option ad_def_krb5_opts[] = {
     { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
     { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     DP_OPTION_TERMINATOR
 };