From 2ddd4bf55e325071566aa1c78e3681c3239895da Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik@redhat.com>
Date: Jan 11 2021 20:39:25 +0000
Subject: Add compatibility with BIND 9.16.10 API change


One parameter was added to function used internally by plugin. Nothing
like -nsec3param auto is supported by LDAP plugin. It is safe to set
resalt false always. Salt can be changed via LDAP, but has to be
specified manually.

---

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index a81a9d2..3b4ae5c 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -1792,10 +1792,17 @@ zone_master_reconfigure_nsec3param(settings_set_t *zone_settings,
 			  dns_rdatatype_nsec3param, origin, nsec3p_str,
 			  &nsec3p_rdata));
 	CHECK(dns_rdata_tostruct(nsec3p_rdata, &nsec3p_rr, NULL));
+#if LIBDNS_VERSION_MAJOR > 1609
+	CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
+				     nsec3p_rr.iterations,
+				     nsec3p_rr.salt_length, nsec3p_rr.salt,
+				     true, false));
+#else
 	CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
 				     nsec3p_rr.iterations,
 				     nsec3p_rr.salt_length, nsec3p_rr.salt,
 				     true));
+#endif
 
 cleanup:
 	if (nsec3p_rdata != NULL) {