From c088c940e6ce33d878c3b50d38424f8adcab6c7d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 23 Oct 2013 19:39:17 +0200
Subject: trusts: combine filters with AND to make sure only the intended
 domain matches

---
 ipalib/plugins/trust.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index af7bf33a..0d651f88 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -255,7 +255,8 @@ class trust(LDAPObject):
         trust_type = kwargs.get('trust_type')
         if trust_type is None:
             ldap = self.backend
-            filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]]})
+            filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]] },
+                                      rules=ldap.MATCH_ALL)
             filter = ldap.combine_filters((filter, "ipaNTSIDBlacklistIncoming=*"), rules=ldap.MATCH_ALL)
             try:
                 result = ldap.get_entries(DN(self.container_dn, self.env.basedn),
-- 
cgit