The combination of commits 77adac8c3cd2f7419894d18db735782c9646a202 (auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()) and 3a0b835408a6efa339e8b34333906bfe3aacd6e3 (s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server) introduced a regression. As result the GENSEC_FEATURE_LDAP_STYLE feature (were NTLMSSP_NEGOTIATE_SIGN implicitly means NTLMSSP_NEGOTIATE_SEAL) doesn't work anymore as server.
Created attachment 14187 [details] Possible patches for master
Created attachment 14202 [details] patch for 4.8 cherry-picked from master
Created attachment 14203 [details] Patches for v4-7-test
Pushed to autobuild-v4-[7,8]-test.
Pushed to both branches. Closing out bug report. Thanks!