3 files changed, 11 insertions, 23 deletions

diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index bf148bf48..667920edc 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -282,11 +282,6 @@
                             bases.
                         </para>
                         <para>
-                            If filter is given in any of search bases and
-                            <emphasis>ipa_hbac_support_srchost</emphasis>
-                            is set to False, the filter will be ignored.
-                        </para>
-                        <para>
                             Default: the value of
                             <emphasis>ldap_search_base</emphasis>
                         </para>
@@ -459,24 +454,6 @@
                 </varlistentry>
 
                 <varlistentry>
-                    <term>ipa_hbac_support_srchost (boolean)</term>
-                    <listitem>
-                        <para>
-                            If this is set to false, then srchost as given
-                            to SSSD by PAM will be ignored.
-                        </para>
-                        <para>
-                            Note that if set to <emphasis>False</emphasis>,
-                            this option casuses filters given in
-                            <emphasis>ipa_host_search_base</emphasis> to be ignored;
-                        </para>
-                        <para>
-                            Default: false
-                        </para>
-                    </listitem>
-                </varlistentry>
-
-                <varlistentry>
                     <term>ipa_server_mode (boolean)</term>
                     <listitem>
                         <para>
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 58539f4c6..7d44788af 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -346,6 +346,12 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
          *    we want all hosts
          */
         hostname = NULL;
+
+        /* THIS FEATURE IS DEPRECATED */
+        DEBUG(SSSDBG_MINOR_FAILURE, ("WARNING: Using deprecated option "
+                    "ipa_hbac_support_srchost.\n"));
+        sss_log(SSS_LOG_NOTICE, "WARNING: Using deprecated option "
+                    "ipa_hbac_support_srchost.\n");
     } else {
         hostname = dp_opt_get_string(hbac_ctx->ipa_options, IPA_HOSTNAME);
     }
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 7f387c633..e85206e8f 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -268,6 +268,11 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
         shosts->category = HBAC_CATEGORY_ALL;
         ret = EOK;
         goto done;
+    } else {
+        DEBUG(SSSDBG_MINOR_FAILURE, ("WARNING: Using deprecated option "
+                    "ipa_hbac_support_srchost.\n"));
+        sss_log(SSS_LOG_NOTICE, "WARNING: Using deprecated option "
+                    "ipa_hbac_support_srchost.\n");
     }
 
     ret = hbac_host_attrs_to_rule(tmp_ctx, domain,