diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2012-01-18 11:08:06 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-06 08:25:22 -0500 |
commit | 71ad247500b417836a1a2edec257a4433a7c415f (patch) | |
tree | 55ce381a9f7444b8aaea8d70ed02db2a9477b7e1 /src/providers/ipa/ipa_common.c | |
parent | 8a36504008872f03d1b1ca980adeceba28c331f5 (diff) | |
download | sssd-71ad247500b417836a1a2edec257a4433a7c415f.tar.gz sssd-71ad247500b417836a1a2edec257a4433a7c415f.tar.xz sssd-71ad247500b417836a1a2edec257a4433a7c415f.zip |
Implemented support for multiple search bases in HBAC rules and services
Diffstat (limited to 'src/providers/ipa/ipa_common.c')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 2e6dad8ae..9f1178a94 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -572,7 +572,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, ("Option %s set to %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE))); @@ -582,6 +582,29 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, &ipa_opts->host_search_bases); if (ret != EOK) goto done; + if (NULL == dp_opt_get_string(ipa_opts->basic, + IPA_HBAC_SEARCH_BASE)) { + value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn); + if (!value) { + ret = ENOMEM; + goto done; + } + + ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value); + if (ret != EOK) { + goto done; + } + + DEBUG(6, ("Option %s set to %s\n", + ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name, + dp_opt_get_string(ipa_opts->basic, + IPA_HBAC_SEARCH_BASE))); + } + ret = sdap_parse_search_base(ipa_opts->basic, ipa_opts->basic, + IPA_HBAC_SEARCH_BASE, + &ipa_opts->hbac_search_bases); + if (ret != EOK) goto done; + value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF); if (value != NULL) { ret = deref_string_to_val(value, &i); |