diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 17:50:56 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 21:02:43 +0200 |
commit | 67b1fc914190e12ab014c0616b7f0a642fbe6356 (patch) | |
tree | 1a3975156760ac8c83d98ab6220d3e27f5a1770b /src/providers/ad/ad_init.c | |
parent | efe6b4a9d374339cac2528cdeb43720957c6b7c9 (diff) | |
download | sssd-67b1fc914190e12ab014c0616b7f0a642fbe6356.tar.gz sssd-67b1fc914190e12ab014c0616b7f0a642fbe6356.tar.xz sssd-67b1fc914190e12ab014c0616b7f0a642fbe6356.zip |
AD: Search GC by default during access control, fall back to LDAP
Resolves:
https://fedorahosted.org/sssd/ticket/2082
In order to allow the ad_access_filter option to work for subdomain
users as well, the Global Catalog must be searched. This patch adds a
wrapper request atop sdap_access_send that selects the right connection
(GC or LDAP) and optionally falls back to LDAP.
Diffstat (limited to 'src/providers/ad/ad_init.c')
-rw-r--r-- | src/providers/ad/ad_init.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d744c2a05..d7f41a563 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -375,7 +375,8 @@ sssm_ad_access_init(struct be_ctx *bectx, if (ret != EOK) { goto fail; } - access_ctx->sdap_ctx = ad_id_ctx->sdap_id_ctx; + access_ctx->ldap_ctx = ad_id_ctx->ldap_ctx; + access_ctx->gc_ctx = ad_id_ctx->gc_ctx; ret = dp_copy_options(access_ctx, ad_options->basic, AD_OPTS_BASIC, &access_ctx->ad_options); @@ -393,7 +394,7 @@ sssm_ad_access_init(struct be_ctx *bectx, ret = ENOMEM; goto fail; } - access_ctx->sdap_access_ctx->id_ctx = access_ctx->sdap_ctx; + access_ctx->sdap_access_ctx->id_ctx = ad_id_ctx->sdap_id_ctx; /* If ad_access_filter is set, the value of ldap_acess_order is * expire, filter, otherwise only expire |