AD: Use the ad_access_filter if it's set

Related: https://fedorahosted.org/sssd/ticket/2082 Currently the AD access control only checks if an account has been expired. This patch amends the logic so that if ad_access_filter is set, it is used automatically.
author: Jakub Hrozek <jhrozek@redhat.com> 2013-10-07 18:02:04 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-10-25 22:04:11 +0200
commit: 9dd62f094fb4c1bfb04128de1c3ec20933603046 (patch)
tree: eded847415955a60fbad0a712c896f0671c85dee /src/providers/ldap/ldap_common.h
parent: e37cbdd9be139b9949024c94ae21c12b36a6c180 (diff)
download: sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.tar.gz
sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.tar.xz
sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index fb9a34c60..0bd6c9cc2 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -261,6 +261,9 @@ char *sdap_get_id_specific_filter(TALLOC_CTX *mem_ctx,
                                   const char *base_filter,
                                   const char *extra_filter);
 
+char *sdap_get_access_filter(TALLOC_CTX *mem_ctx,
+                             const char *base_filter);
+
 errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count,
                          struct ldb_message **msgs,
                          struct sysdb_attrs ***attrs);
author	Jakub Hrozek <jhrozek@redhat.com>	2013-10-07 18:02:04 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-10-25 22:04:11 +0200
commit	9dd62f094fb4c1bfb04128de1c3ec20933603046 (patch)
tree	eded847415955a60fbad0a712c896f0671c85dee /src/providers/ldap/ldap_common.h
parent	e37cbdd9be139b9949024c94ae21c12b36a6c180 (diff)
download	sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.tar.gz sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.tar.xz sssd-9dd62f094fb4c1bfb04128de1c3ec20933603046.zip