Add ldap_access_filter option

This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com

2 files changed, 12 insertions, 0 deletions

diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 2d4a38d79..bfad77d8a 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -166,6 +166,16 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
     return sysdb_attrs_add_val(attrs, name, &v);
 }
 
+int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
+                         const char *name, bool value)
+{
+    if(value) {
+        return sysdb_attrs_add_string(attrs, name, "TRUE");
+    }
+
+    return sysdb_attrs_add_string(attrs, name, "FALSE");
+}
+
 int sysdb_attrs_steal_string(struct sysdb_attrs *attrs,
                              const char *name, char *str)
 {
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 23560ecd9..a5413a25c 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -161,6 +161,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
                         const char *name, const struct ldb_val *val);
 int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
                            const char *name, const char *str);
+int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
+                         const char *name, bool value);
 int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
                          const char *name, long value);
 int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,