diff options
author | Lars Müller <lmuelle@samba.org> | 2007-07-06 18:49:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:23:50 -0500 |
commit | 5be96d09a7c457b1763d7ad482b5a5a92c02d157 (patch) | |
tree | b6df1f12301f75efc510b1aecd755a3ab351e092 /source/nsswitch | |
parent | 4c04059f7dfa0096c9f3249b55269f7335137f48 (diff) | |
download | samba-5be96d09a7c457b1763d7ad482b5a5a92c02d157.tar.gz samba-5be96d09a7c457b1763d7ad482b5a5a92c02d157.tar.xz samba-5be96d09a7c457b1763d7ad482b5a5a92c02d157.zip |
r23733: Limit LDAP lookup in lookup_usergroups_member() to security groups.
Credits to Ralf Haferkamp for the discussion and help on this.
Diffstat (limited to 'source/nsswitch')
-rw-r--r-- | source/nsswitch/winbindd_ads.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c index 09289912f99..b6aa95c51ea 100644 --- a/source/nsswitch/winbindd_ads.c +++ b/source/nsswitch/winbindd_ads.c @@ -570,7 +570,12 @@ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain, goto done; } - if (!(ldap_exp = talloc_asprintf(mem_ctx, "(&(member=%s)(objectCategory=group))", escaped_dn))) { + ldap_exp = talloc_asprintf(mem_ctx, + "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))", + escaped_dn, + ADS_LDAP_MATCHING_RULE_BIT_AND, + GROUP_TYPE_SECURITY_ENABLED); + if (!ldap_exp) { DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn)); SAFE_FREE(escaped_dn); status = NT_STATUS_NO_MEMORY; |