diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 20:59:22 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 22:04:11 +0200 |
| commit | 5e9833aa7b1a89cbb2c0cf667a99cb0bc4ad7963 (patch) | |
| tree | 95f2e62afd353907aa00bfbe9b89ee7483ec1a00 /src/providers/ad/ad_init.c | |
| parent | 2cbf205f3fe25087666ff108c2ad380fd3cbfe46 (diff) | |
| download | sssd-5e9833aa7b1a89cbb2c0cf667a99cb0bc4ad7963.tar.gz sssd-5e9833aa7b1a89cbb2c0cf667a99cb0bc4ad7963.tar.xz sssd-5e9833aa7b1a89cbb2c0cf667a99cb0bc4ad7963.zip | |
AD: Add extended access filter
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
Diffstat (limited to 'src/providers/ad/ad_init.c')
| -rw-r--r-- | src/providers/ad/ad_init.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d7f41a563..d06efbd08 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -402,7 +402,10 @@ sssm_ad_access_init(struct be_ctx *bectx, access_ctx->sdap_access_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE; filter = dp_opt_get_cstring(access_ctx->ad_options, AD_ACCESS_FILTER); if (filter != NULL) { - access_ctx->sdap_access_ctx->filter = sdap_get_access_filter( + /* The processing of the extended filter is performed during the access + * check itself + */ + access_ctx->sdap_access_ctx->filter = talloc_strdup( access_ctx->sdap_access_ctx, filter); if (access_ctx->sdap_access_ctx->filter == NULL) { |