summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-09-22 09:57:26 +1000
committerAndrew Tridgell <tridge@samba.org>2011-09-22 10:00:49 +1000
commitb92e0a232eabc8e759ae18909d6f0d59d4e05736 (patch)
treebbc83b0154ade1cce7367759a611e5b7ba27dfcf /source4
parent3e685f599580d5fe006a07511fa78c23f30dd5fb (diff)
downloadsamba-b92e0a232eabc8e759ae18909d6f0d59d4e05736.tar.gz
samba-b92e0a232eabc8e759ae18909d6f0d59d4e05736.tar.bz2
samba-b92e0a232eabc8e759ae18909d6f0d59d4e05736.zip
s4-kdc: set NO_GLOBAL_CATALOG control in kdc
the kdc doesn't want to find users who are in partialReplica partitions, as they won't have the needed secret info for the kdc to operate. We need to generate referrals instead Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/kdc/db-glue.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 52bacd0f9d..6634d0c180 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1297,7 +1297,9 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
ldb_ret = dsdb_search_one(kdc_db_ctx->samdb,
mem_ctx,
msg, user_dn, LDB_SCOPE_BASE,
- attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)");
+ attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+ "(objectClass=*)");
if (ldb_ret != LDB_SUCCESS) {
return HDB_ERR_NOENTRY;
}
@@ -1311,7 +1313,7 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
*realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
realm = krb5_principal_get_realm(context, principal);
- /* TODO: Check if it is our realm, otherwise give referall */
+ /* TODO: Check if it is our realm, otherwise give referral */
ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ);
@@ -1324,7 +1326,7 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx, msg,
*realm_dn, LDB_SCOPE_SUBTREE,
attrs,
- DSDB_SEARCH_SHOW_EXTENDED_DN,
+ DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
"(&(objectClass=user)(samAccountName=%s))",
ldb_binary_encode_string(mem_ctx, short_princ));
free(short_princ);