1 files changed, 13 insertions, 0 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 15db491171..34f848de8a 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -35,6 +35,7 @@
 #include "auth/auth.h"
 #include "libcli/security/security.h"
 #include "dsdb/samdb/samdb.h"
+#include "param/param.h"
 
 /* Kludge ACL rules:
  *
@@ -46,6 +47,7 @@
 
 struct kludge_private_data {
 	const char **password_attrs;
+	bool acl_perform;
 };
 
 static enum security_user_level what_is_user(struct ldb_module *module) 
@@ -325,6 +327,9 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
 
 	data = talloc_get_type(ldb_module_get_private(module), struct kludge_private_data);
 
+	if (data && data->acl_perform)
+		return ldb_next_request(module, req);
+
 	ac->module = module;
 	ac->req = req;
 	ac->user_type = what_is_user(module);
@@ -397,6 +402,12 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
 {
 	struct ldb_context *ldb = ldb_module_get_ctx(module);
 	enum security_user_level user_type = what_is_user(module);
+	struct kludge_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							   struct kludge_private_data);
+
+	if (data->acl_perform)
+		return ldb_next_request(module, req);
+
 	switch (user_type) {
 	case SECURITY_SYSTEM:
 	case SECURITY_ADMINISTRATOR:
@@ -459,6 +470,8 @@ static int kludge_acl_init(struct ldb_module *module)
 	}
 
 	data->password_attrs = NULL;
+	data->acl_perform = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"),
+					 NULL, "acl", "perform", false);
 	ldb_module_set_private(module, data);
 
 	if (!mem_ctx) {