-rw-r--r--lib/ldb/ldb_tdb/ldb_cache.c10
-rw-r--r--lib/ldb/ldb_tdb/ldb_index.c9
-rw-r--r--lib/ldb/ldb_tdb/ldb_tdb.h2
-rw-r--r--source4/setup/provision_init.ldif1
4 files changed, 20 insertions, 2 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_cache.c b/lib/ldb/ldb_tdb/ldb_cache.c
index 0b93021884..6467af1d00 100644
--- a/lib/ldb/ldb_tdb/ldb_cache.c
+++ b/lib/ldb/ldb_tdb/ldb_cache.c
@@ -346,11 +346,17 @@ int ltdb_cache_load(struct ldb_module *module)
goto failed;
}
- /* set flag for checking base DN on searches */
+ /* set flags if they do exist */
if (r == LDB_SUCCESS) {
- ltdb->check_base = ldb_msg_find_attr_as_bool(options, LTDB_CHECK_BASE, false);
+ ltdb->check_base = ldb_msg_find_attr_as_bool(options,
+ LTDB_CHECK_BASE,
+ false);
+ ltdb->disallow_dn_filter = ldb_msg_find_attr_as_bool(options,
+ LTDB_DISALLOW_DN_FILTER,
+ false);
} else {
ltdb->check_base = false;
+ ltdb->disallow_dn_filter = false;
}
talloc_free(ltdb->cache->indexlist);
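Review bot: Both branches leave `disallow_dn_filter` false whenever the options record is missing or lacks the attribute, so the restriction is opt-in, and the only place this commit sets it is source4/setup/provision_init.ldif. Databases provisioned before this change would presumably keep answering `(dn=...)` filters unless something outside this diff updates their options record. The replacement comment `/* set flags if they do exist */` also no longer says what the flags control; I would write `/* load search options; each defaults to false when the record or attribute is absent */`. ltdb_cache_load starts and ends outside the hunk.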
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 24cc93feb9..a3848eddb2 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -510,6 +510,15 @@ static int ltdb_index_dn_leaf(struct ldb_module *module,
const struct ldb_message *index_list,
struct dn_list *list)
{
+ struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module),
+ struct ltdb_private);
+ if (ltdb->disallow_dn_filter &&
+ (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0)) {
+ /* in AD mode we do not support "(dn=...)" search filters */
+ list->dn = NULL;
+ list->count = 0;
+ return LDB_SUCCESS;
+ }
if (ldb_attr_dn(tree->u.equality.attr) == 0) {
list->dn = talloc_array(list, struct ldb_val, 1);
if (list->dn == NULL) {
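Review bot: The `(dn=...)` rejection is added only in ltdb_index_dn_leaf, which by its name and arguments serves the indexed lookup path, and no other matching code is touched in this commit. If a search can fall back to an unindexed scan, the same filter may still be evaluated there and return the entry, so the result would depend on whether an index was used; it is worth confirming that the non-indexed match path honours the option, or saying in the comment where that is handled. The new test uses `ldb_attr_cmp(..., "dn")` while the next statement uses `ldb_attr_dn()`, and a short comment on why the two differ would help the next reader. Separately, `ltdb` is dereferenced directly after `talloc_get_type()`, which can return NULL, without a check. The function body continues past the hunk.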
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h
index 29856bf827..3b87b56bfd 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.h
+++ b/lib/ldb/ldb_tdb/ldb_tdb.h
@@ -26,6 +26,7 @@ struct ltdb_private {
int in_transaction;
bool check_base;
+ bool disallow_dn_filter;
struct ltdb_idxptr *idxptr;
bool prepared_commit;
int read_lock_count;
@@ -62,6 +63,7 @@ struct ltdb_context {
/* special attribute types */
#define LTDB_SEQUENCE_NUMBER "sequenceNumber"
#define LTDB_CHECK_BASE "checkBaseOnSearch"
+#define LTDB_DISALLOW_DN_FILTER "disallowDNFilter"
#define LTDB_MOD_TIMESTAMP "whenChanged"
#define LTDB_OBJECTCLASS "objectClass"
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
index d9ec28624b..68b3d97673 100644
--- a/source4/setup/provision_init.ldif
+++ b/source4/setup/provision_init.ldif
@@ -20,6 +20,7 @@ passwordAttribute: initialAuthIncoming
dn: @OPTIONS
checkBaseOnSearch: TRUE
+disallowDNFilter: TRUE
dn: @SAMBA_DSDB
backendType: ${BACKEND_TYPE}