From 18a45c63a7902251a0d0b92f78f78eb7d26a0046 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 20 Oct 2010 12:58:50 +0200
Subject: Download only enabled IPA HBAC rules

---
 src/providers/ipa/ipa_access.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/providers/ipa')

diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 223bf1655..979959fb1 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -50,6 +50,7 @@
 #define IPA_CN "cn"
 #define IPA_MEMBER_SERVICE "memberService"
 #define IPA_SERVICE_CATEGORY "serviceCategory"
+#define IPA_TRUE_VALUE "TRUE"
 
 #define IPA_HOST_BASE_TMPL "cn=computers,cn=accounts,%s"
 #define IPA_HBAC_BASE_TMPL "cn=hbac,%s"
@@ -1085,7 +1086,8 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
 
     state->hbac_filter = talloc_asprintf(state,
                                          "(&(objectclass=ipaHBACRule)"
-                                           "(|(%s=%s)(%s=%s)",
+                                         "(%s=%s)(|(%s=%s)(%s=%s)",
+                                         IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
                                          IPA_HOST_CATEGORY, "all",
                                          IPA_MEMBER_HOST, host_dn);
     if (state->hbac_filter == NULL) {
-- 
cgit