From 54ad5c70e3cc731c872913841cbcd2ef29ec0e54 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 9 Nov 2012 11:25:21 +0100
Subject: s4:dsdb/acl: fix search filter cleanup for password attributes

We need to this when we're *not* system.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/ldb_modules/acl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/dsdb/samdb/ldb_modules/acl.c')

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 843d17e5d1..05926fb01b 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -1499,7 +1499,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
 	/* replace any attributes in the parse tree that are private,
 	   so we don't allow a search for 'userPassword=penguin',
 	   just as we would not allow that attribute to be returned */
-	if (ac->am_system) {
+	if (!ac->am_system) {
 		/* FIXME: We should copy the tree and keep the original unmodified. */
 		/* remove password attributes */
 		if (data && data->password_attrs) {
-- 
cgit