diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2016-06-19 08:37:10 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-07 10:27:01 +0200 |
commit | 7a9f3fc59a2041e868fa9524d8351ec48ec8c158 (patch) | |
tree | d8383fe0110f76f908abd2e96196fb67f3036f36 /src | |
parent | 5e87a8bd1f577f503b59d35eee1443f64a74f372 (diff) | |
download | sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.gz sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.tar.xz sssd-7a9f3fc59a2041e868fa9524d8351ec48ec8c158.zip |
LDAP: The access control filter just needs the plain username
The LDAP access control code uses shortnames to construct an LDAP
filter.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_access.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index d9a164814..6e8af7307 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -884,12 +884,11 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, } /* Construct the filter */ - /* Subdomain users are identified by FQDN. We need to use just the username */ - ret = sss_parse_name(state, domain->names, username, NULL, &name); + ret = sss_parse_internal_fqname(state, username, &name, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Could not parse [%s] into name and " - "domain components, access might fail\n", username); + "domain components, access might fail\n", username); name = discard_const(username); } |