diff -up openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c.samba-4.15 openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c
--- openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c.samba-4.15	2021-07-19 12:26:37.615770488 +0200
+++ openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c	2021-07-19 12:26:39.640771957 +0200
@@ -794,7 +794,7 @@ _PUBLIC_ enum MAPISTATUS LoadProfile(str
 		cli_credentials_set_password(profile->credentials, profile->password, CRED_SPECIFIED);
 	}
 	if (use_krb != CRED_USE_KERBEROS_DESIRED) {
-		cli_credentials_set_kerberos_state(profile->credentials, use_krb);
+		cli_credentials_set_kerberos_state(profile->credentials, use_krb, CRED_SPECIFIED);
 	}
 
 	return MAPI_E_SUCCESS;
diff -up openchange-openchange-2.3-VULCAN/ndr_mapi.c.samba-4.15 openchange-openchange-2.3-VULCAN/ndr_mapi.c
--- openchange-openchange-2.3-VULCAN/ndr_mapi.c.samba-4.15	2021-07-19 12:59:29.801210983 +0200
+++ openchange-openchange-2.3-VULCAN/ndr_mapi.c	2021-07-19 13:07:49.382594567 +0200
@@ -1235,15 +1235,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
 	TALLOC_CTX	*_mem_save_rgbAuxOut_1;
 
 	if (flags & NDR_IN) {
+		uint32_t array_length = 0, array_size = 0;
 		OC_ZERO_STRUCT(r->out);
 
 		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.szUserDN));
 		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.szUserDN));
-		if (ndr_get_array_length(ndr, &r->in.szUserDN) > ndr_get_array_size(ndr, &r->in.szUserDN)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.szUserDN), ndr_get_array_length(ndr, &r->in.szUserDN));
+		NDR_CHECK(ndr_get_array_length(ndr, &r->in.szUserDN, &array_length));
+		NDR_CHECK(ndr_get_array_size(ndr, &r->in.szUserDN, &array_size));
+		if (array_length > array_size) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
 		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t), CH_DOS));
+		NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, array_length, sizeof(uint8_t), CH_DOS));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulFlags));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulConMod));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.cbLimit));
@@ -1317,6 +1320,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
 	}
 
 	if (flags & NDR_OUT) {
+		uint32_t array_length = 0, array_size = 0;
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.handle);
 		}
@@ -1366,11 +1370,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
 			NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDNPrefix, 0);
 			NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDNPrefix));
 			NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDNPrefix));
-			if (ndr_get_array_length(ndr, r->out.szDNPrefix) > ndr_get_array_size(ndr, r->out.szDNPrefix)) {
-				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDNPrefix), ndr_get_array_length(ndr, r->out.szDNPrefix));
+			NDR_CHECK(ndr_get_array_length(ndr, r->out.szDNPrefix, &array_length));
+			NDR_CHECK(ndr_get_array_size(ndr, r->out.szDNPrefix, &array_size));
+			if (array_length > array_size) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
 			}
-			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t)));
-			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t), CH_DOS));
+			NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, array_length, sizeof(uint8_t), CH_DOS));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_1, 0);
 		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_0, LIBNDR_FLAG_REF_ALLOC);
@@ -1391,11 +1397,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
 			NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDisplayName, 0);
 			NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDisplayName));
 			NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDisplayName));
-			if (ndr_get_array_length(ndr, r->out.szDisplayName) > ndr_get_array_size(ndr, r->out.szDisplayName)) {
-				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDisplayName), ndr_get_array_length(ndr, r->out.szDisplayName));
+			NDR_CHECK(ndr_get_array_length(ndr, r->out.szDisplayName, &array_length));
+			NDR_CHECK(ndr_get_array_size(ndr, r->out.szDisplayName, &array_size));
+			if (array_length > array_size) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
 			}
-			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t)));
-			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t), CH_DOS));
+			NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, array_length, sizeof(uint8_t), CH_DOS));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_1, 0);
 		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_0, LIBNDR_FLAG_REF_ALLOC);
@@ -1415,14 +1423,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pulTimeStamp_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.rgbAuxOut));
 		NDR_CHECK(ndr_pull_array_length(ndr, &r->out.rgbAuxOut));
-		if (ndr_get_array_length(ndr, &r->out.rgbAuxOut) > ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.rgbAuxOut), ndr_get_array_length(ndr, &r->out.rgbAuxOut));
+		NDR_CHECK(ndr_get_array_length(ndr, &r->out.rgbAuxOut, &array_length));
+		NDR_CHECK(ndr_get_array_size(ndr, &r->out.rgbAuxOut, &array_size));
+		if (array_length > array_size) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
 		}
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, ndr_get_array_size(ndr, &r->out.rgbAuxOut));
+			NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, array_size);
 		}
 		/* Only try to pull rgbAuxOut if the fake array size is > 0 */
-		if (ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
+		if (array_size) {
 			_mem_save_rgbAuxOut_1 = NDR_PULL_GET_MEM_CTX(ndr);
 			NDR_PULL_SET_MEM_CTX(ndr, r->out.rgbAuxOut, 0);
 			NDR_CHECK(ndr_pull_mapi2k7_AuxInfo(ndr, NDR_SCALARS, r->out.rgbAuxOut));