From 045c7c123eeb720173c19d5196b4fb5bb4cecbaa Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Sun, 20 Nov 2011 20:50:27 -0500
Subject: ipa-kdb: enhance deref searches

Allow to deref more than one attribute.
The attrs searched are the same for all deref attributes at this time.
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'daemons/ipa-kdb/ipa_kdb_mspac.c')

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 7b19611b3..8f4affa40 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -84,6 +84,11 @@ static char *user_pac_attrs[] = {
     NULL
 };
 
+char *deref_search_attrs[] = {
+    "memberOf",
+    NULL
+};
+
 static char *memberof_pac_attrs[] = {
     "gidNumber",
     "ipaNTSecurityIdentifier",
@@ -502,8 +507,10 @@ static krb5_error_code ipadb_get_pac(krb5_context kcontext,
 
 
     /* == Search PAC info == */
-    kerr = ipadb_deref_search(ipactx, ied->entry_dn, user_pac_attrs,
-                              "memberOf", memberof_pac_attrs, &results);
+    kerr = ipadb_deref_search(ipactx, ied->entry_dn, LDAP_SCOPE_BASE,
+                              "(objectclass=*)", user_pac_attrs,
+                              deref_search_attrs, memberof_pac_attrs,
+                              &results);
     if (kerr) {
         goto done;
     }
-- 
cgit