diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 20:59:22 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 21:02:43 +0200 |
commit | 1ce58f139699dd26b8888f4131c996263b6a80a5 (patch) | |
tree | 6f4fba5bbc0ef6e34e1f41447ae8fe3e918ceba5 /src/providers/ad/ad_init.c | |
parent | 67b1fc914190e12ab014c0616b7f0a642fbe6356 (diff) | |
download | sssd-1ce58f139699dd26b8888f4131c996263b6a80a5.tar.gz sssd-1ce58f139699dd26b8888f4131c996263b6a80a5.tar.xz sssd-1ce58f139699dd26b8888f4131c996263b6a80a5.zip |
AD: Add extended access filter
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
Diffstat (limited to 'src/providers/ad/ad_init.c')
-rw-r--r-- | src/providers/ad/ad_init.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d7f41a563..d06efbd08 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -402,7 +402,10 @@ sssm_ad_access_init(struct be_ctx *bectx, access_ctx->sdap_access_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE; filter = dp_opt_get_cstring(access_ctx->ad_options, AD_ACCESS_FILTER); if (filter != NULL) { - access_ctx->sdap_access_ctx->filter = sdap_get_access_filter( + /* The processing of the extended filter is performed during the access + * check itself + */ + access_ctx->sdap_access_ctx->filter = talloc_strdup( access_ctx->sdap_access_ctx, filter); if (access_ctx->sdap_access_ctx->filter == NULL) { |