diff options
Diffstat (limited to 'src/providers/ad/ad_init.c')
-rw-r--r-- | src/providers/ad/ad_init.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index 74ef42304..0a54d3970 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -370,6 +370,7 @@ sssm_ad_access_init(struct be_ctx *bectx, struct ad_access_ctx *access_ctx; struct ad_id_ctx *ad_id_ctx; const char *filter; + const char *gpo_access_control_mode; access_ctx = talloc_zero(bectx, struct ad_access_ctx); if (!access_ctx) return ENOMEM; @@ -421,6 +422,23 @@ sssm_ad_access_init(struct be_ctx *bectx, access_ctx->sdap_access_ctx->access_rule[1] = LDAP_ACCESS_EMPTY; } + /* GPO access control mode */ + gpo_access_control_mode = + dp_opt_get_string(access_ctx->ad_options, AD_GPO_ACCESS_CONTROL); + if (strcasecmp(gpo_access_control_mode, "disabled") == 0) { + access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_DISABLED; + } else if (strcasecmp(gpo_access_control_mode, "permissive") == 0) { + access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_PERMISSIVE; + } else if (strcasecmp(gpo_access_control_mode, "enforcing") == 0) { + access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_ENFORCING; + } else { + DEBUG(SSSDBG_FATAL_FAILURE, + "Unrecognized GPO access control mode: %s\n", + gpo_access_control_mode); + ret = EINVAL; + goto fail; + } + *ops = &ad_access_ops; *pvt_data = access_ctx; |