diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-23 19:39:17 +0200 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2013-10-24 07:53:34 +0300 |
commit | c088c940e6ce33d878c3b50d38424f8adcab6c7d (patch) | |
tree | 3b89926b2cadf1d1ec5d439da1b68bd8372dd379 /ipalib | |
parent | ced2170b9d7957256763f7b20133d5219d632111 (diff) | |
download | freeipa.git-c088c940e6ce33d878c3b50d38424f8adcab6c7d.tar.gz freeipa.git-c088c940e6ce33d878c3b50d38424f8adcab6c7d.tar.xz freeipa.git-c088c940e6ce33d878c3b50d38424f8adcab6c7d.zip |
trusts: combine filters with AND to make sure only the intended domain matches
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index af7bf33a..0d651f88 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -255,7 +255,8 @@ class trust(LDAPObject): trust_type = kwargs.get('trust_type') if trust_type is None: ldap = self.backend - filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]]}) + filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]] }, + rules=ldap.MATCH_ALL) filter = ldap.combine_filters((filter, "ipaNTSIDBlacklistIncoming=*"), rules=ldap.MATCH_ALL) try: result = ldap.get_entries(DN(self.container_dn, self.env.basedn), |