Implemented support for multiple search bases in HBAC rules and services

1 files changed, 24 insertions, 1 deletions

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 2e6dad8ae..9f1178a94 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -572,7 +572,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
             goto done;
         }
 
-        DEBUG(6, ("Option %s set to %s\n",
+        DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
                   ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name,
                   dp_opt_get_string(ipa_opts->basic,
                                     IPA_HOST_SEARCH_BASE)));
@@ -582,6 +582,29 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
                                  &ipa_opts->host_search_bases);
     if (ret != EOK) goto done;
 
+    if (NULL == dp_opt_get_string(ipa_opts->basic,
+                                  IPA_HBAC_SEARCH_BASE)) {
+        value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn);
+        if (!value) {
+            ret = ENOMEM;
+            goto done;
+        }
+
+        ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value);
+        if (ret != EOK) {
+            goto done;
+        }
+
+        DEBUG(6, ("Option %s set to %s\n",
+                  ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
+                  dp_opt_get_string(ipa_opts->basic,
+                                    IPA_HBAC_SEARCH_BASE)));
+    }
+    ret = sdap_parse_search_base(ipa_opts->basic, ipa_opts->basic,
+                                 IPA_HBAC_SEARCH_BASE,
+                                 &ipa_opts->hbac_search_bases);
+    if (ret != EOK) goto done;
+
     value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
     if (value != NULL) {
         ret = deref_string_to_val(value, &i);