summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libnet/libnet_dssync_keytab.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index d74ee3dbdb..2558e1d801 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -554,6 +554,24 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
return status;
}
+static bool dn_is_in_object_list(struct dssync_context *ctx,
+ const char *dn)
+{
+ uint32_t count;
+
+ if (ctx->object_count == 0) {
+ return true;
+ }
+
+ for (count = 0; count < ctx->object_count; count++) {
+ if (strequal(ctx->object_dns[count], dn)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
/****************************************************************
****************************************************************/
@@ -567,6 +585,16 @@ static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
(struct libnet_keytab_context *)ctx->private_data;
for (; cur; cur = cur->next_object) {
+ /*
+ * When not in single object replication mode,
+ * the object_dn list is used as a positive write filter.
+ */
+ if (!ctx->single_object_replication &&
+ !dn_is_in_object_list(ctx, cur->object.identifier->dn))
+ {
+ continue;
+ }
+
status = parse_object(mem_ctx, keytab_ctx, cur);
if (!NT_STATUS_IS_OK(status)) {
goto out;