summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_access.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/ldap_access.c')
-rw-r--r--src/providers/ldap/ldap_access.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
index bb5c37f44..b3920b7ac 100644
--- a/src/providers/ldap/ldap_access.c
+++ b/src/providers/ldap/ldap_access.c
@@ -49,6 +49,7 @@ void sdap_pam_access_handler(struct be_req *breq)
struct pam_data *pd;
struct tevent_req *req;
struct sdap_access_ctx *access_ctx;
+ struct sss_domain_info *dom;
pd = talloc_get_type(be_req_get_data(breq), struct pam_data);
@@ -56,8 +57,16 @@ void sdap_pam_access_handler(struct be_req *breq)
talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
struct sdap_access_ctx);
+ dom = be_ctx->domain;
+ if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) {
+ /* Subdomain request, verify subdomain */
+ dom = find_subdomain_by_name(be_ctx->domain, pd->domain, true);
+ }
+
req = sdap_access_send(breq, be_ctx->ev, be_ctx,
- be_ctx->domain, access_ctx, pd);
+ dom, access_ctx,
+ access_ctx->id_ctx->conn,
+ pd);
if (req == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to start sdap_access request\n"));
sdap_access_reply(breq, PAM_SYSTEM_ERR);