LDAP: The access control filter just needs the plain username

The LDAP access control code uses shortnames to construct an LDAP filter. Reviewed-by: Sumit Bose <sbose@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2016-06-19 08:37:10 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2016-07-07 10:27:01 +0200
commit: 7a9f3fc59a2041e868fa9524d8351ec48ec8c158 (patch)
tree: d8383fe0110f76f908abd2e96196fb67f3036f36 /src
parent: 5e87a8bd1f577f503b59d35eee1443f64a74f372 (diff)
download: sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.gz
sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.xz
sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index d9a164814..6e8af7307 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -884,12 +884,11 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
     }
 
     /* Construct the filter */
-    /* Subdomain users are identified by FQDN. We need to use just the username */
-    ret = sss_parse_name(state, domain->names, username, NULL, &name);
+    ret = sss_parse_internal_fqname(state, username, &name, NULL);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE,
               "Could not parse [%s] into name and "
-               "domain components, access might fail\n", username);
+              "domain components, access might fail\n", username);
         name = discard_const(username);
     }
author	Jakub Hrozek <jhrozek@redhat.com>	2016-06-19 08:37:10 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2016-07-07 10:27:01 +0200
commit	7a9f3fc59a2041e868fa9524d8351ec48ec8c158 (patch)
tree	d8383fe0110f76f908abd2e96196fb67f3036f36 /src
parent	5e87a8bd1f577f503b59d35eee1443f64a74f372 (diff)
download	sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.gz sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.xz sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.zip