From 99ac4e92ff3205f80ef0fe823cbbd05eed7d2bb6 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nivanova@samba.org>
Date: Sun, 26 Sep 2010 11:47:47 -0700
Subject: s4-ldbmodules: Added new module aclread to handle access checks on
 LDAP search

It is currently enabled only if the request comes from the LDAP server, and is
disabled  by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
---
 source4/dsdb/samdb/ldb_modules/config.mk | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'source4/dsdb/samdb/ldb_modules/config.mk')

diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 93ce5645b7..442481fc6b 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -452,3 +452,14 @@ INIT_FUNCTION = LDB_MODULE(validate_update)
 ################################################
 
 ldb_validate_update_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/validate_update.o
+
+################################################
+# Start MODULE ldb_aclread
+[MODULE::ldb_aclread]
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSECURITY SAMDB
+SUBSYSTEM = LIBLDB
+INIT_FUNCTION = LDB_MODULE(aclread)
+# End MODULE ldb_acl
+################################################
+
+ldb_acl_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/acl_read.o
-- 
cgit