diff options
author | Sumit Bose <sbose@redhat.com> | 2014-11-05 15:58:04 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-20 10:52:57 +0100 |
commit | acebf94a16c91b17c7c082538ab3083ee26aa992 (patch) | |
tree | f7053cd45c00e7edb1ca499640a0635c9d7c2bde /src/providers/ipa/ipa_views.c | |
parent | f1436acde39da5f1400a51153cf7fd370682a4c8 (diff) | |
download | sssd-acebf94a16c91b17c7c082538ab3083ee26aa992.tar.gz sssd-acebf94a16c91b17c7c082538ab3083ee26aa992.tar.xz sssd-acebf94a16c91b17c7c082538ab3083ee26aa992.zip |
IPA: check overrrides for IPA users as well
Currently overrides were only available for sub-domains, e.g. trusted AD
domains. With this patch overrides can be used for IPA users as well.
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_views.c')
-rw-r--r-- | src/providers/ipa/ipa_views.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c index ee586894e..c768186d7 100644 --- a/src/providers/ipa/ipa_views.c +++ b/src/providers/ipa/ipa_views.c @@ -125,6 +125,21 @@ static errno_t be_acct_req_to_override_filter(TALLOC_CTX *mem_ctx, } break; + case BE_FILTER_UUID: + if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_UUID) { + filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=:IPA:%s:%s))", + ipa_opts->override_map[IPA_OC_OVERRIDE].name, + ipa_opts->override_map[IPA_AT_OVERRIDE_ANCHOR_UUID].name, + dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN), + ar->filter_value); + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected entry type [%d] for UUID filter.\n", + ar->entry_type); + return EINVAL; + } + break; + default: DEBUG(SSSDBG_OP_FAILURE, "Invalid sub-domain filter type.\n"); return EINVAL; |