git.samba.org
/
abartlet
/
samba.git
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
24ebb4b
)
r23733: Limit LDAP lookup in lookup_usergroups_member() to security groups.
author
Lars Müller
<lmuelle@samba.org>
Fri, 6 Jul 2007 18:49:49 +0000
(18:49 +0000)
committer
Gerald (Jerry) Carter
<jerry@samba.org>
Wed, 10 Oct 2007 17:23:50 +0000
(12:23 -0500)
Credits to Ralf Haferkamp for the discussion and help on this.
(This used to be commit
5be96d09a7c457b1763d7ad482b5a5a92c02d157
)
source3/nsswitch/winbindd_ads.c
patch
|
blob
|
history
diff --git
a/source3/nsswitch/winbindd_ads.c
b/source3/nsswitch/winbindd_ads.c
index 09289912f998d3b096e621fb955d50934c7d693a..b6aa95c51ead41e5f2ffa6f193e5a25331f4b8ae 100644
(file)
--- a/
source3/nsswitch/winbindd_ads.c
+++ b/
source3/nsswitch/winbindd_ads.c
@@
-570,7
+570,12
@@
static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
goto done;
}
- if (!(ldap_exp = talloc_asprintf(mem_ctx, "(&(member=%s)(objectCategory=group))", escaped_dn))) {
+ ldap_exp = talloc_asprintf(mem_ctx,
+ "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))",
+ escaped_dn,
+ ADS_LDAP_MATCHING_RULE_BIT_AND,
+ GROUP_TYPE_SECURITY_ENABLED);
+ if (!ldap_exp) {
DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
SAFE_FREE(escaped_dn);
status = NT_STATUS_NO_MEMORY;