diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 17:50:56 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 22:04:11 +0200 |
commit | 2cbf205f3fe25087666ff108c2ad380fd3cbfe46 (patch) | |
tree | a2007f593e2b5ecc29db4cd909cb921a21c6b068 /src/providers/ad/ad_init.c | |
parent | 9dd62f094fb4c1bfb04128de1c3ec20933603046 (diff) | |
download | sssd-2cbf205f3fe25087666ff108c2ad380fd3cbfe46.tar.gz sssd-2cbf205f3fe25087666ff108c2ad380fd3cbfe46.tar.xz sssd-2cbf205f3fe25087666ff108c2ad380fd3cbfe46.zip |
AD: Search GC by default during access control, fall back to LDAP
Resolves:
https://fedorahosted.org/sssd/ticket/2082
In order to allow the ad_access_filter option to work for subdomain
users as well, the Global Catalog must be searched. This patch adds a
wrapper request atop sdap_access_send that selects the right connection
(GC or LDAP) and optionally falls back to LDAP.
Diffstat (limited to 'src/providers/ad/ad_init.c')
-rw-r--r-- | src/providers/ad/ad_init.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d744c2a05..d7f41a563 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -375,7 +375,8 @@ sssm_ad_access_init(struct be_ctx *bectx, if (ret != EOK) { goto fail; } - access_ctx->sdap_ctx = ad_id_ctx->sdap_id_ctx; + access_ctx->ldap_ctx = ad_id_ctx->ldap_ctx; + access_ctx->gc_ctx = ad_id_ctx->gc_ctx; ret = dp_copy_options(access_ctx, ad_options->basic, AD_OPTS_BASIC, &access_ctx->ad_options); @@ -393,7 +394,7 @@ sssm_ad_access_init(struct be_ctx *bectx, ret = ENOMEM; goto fail; } - access_ctx->sdap_access_ctx->id_ctx = access_ctx->sdap_ctx; + access_ctx->sdap_access_ctx->id_ctx = ad_id_ctx->sdap_id_ctx; /* If ad_access_filter is set, the value of ldap_acess_order is * expire, filter, otherwise only expire |