From 99ac4e92ff3205f80ef0fe823cbbd05eed7d2bb6 Mon Sep 17 00:00:00 2001 From: Nadezhda Ivanova Date: Sun, 26 Sep 2010 11:47:47 -0700 Subject: s4-ldbmodules: Added new module aclread to handle access checks on LDAP search It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet. --- source4/dsdb/samdb/ldb_modules/wscript_build | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules/wscript_build') diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build index f6b5c28456..e455ae9249 100644 --- a/source4/dsdb/samdb/ldb_modules/wscript_build +++ b/source4/dsdb/samdb/ldb_modules/wscript_build @@ -331,3 +331,11 @@ bld.SAMBA_MODULE('ldb_lazy_commit', init_function='LDB_MODULE(lazy_commit)', deps='SAMDB' ) + +bld.SAMBA_MODULE('ldb_aclread', + source='acl_read.c', + subsystem='ldb', + init_function='LDB_MODULE(aclread)', + internal_module=not bld.CONFIG_SET('USING_SYSTEM_LDB'), + deps='talloc LIBEVENTS LIBSECURITY SAMDB' + ) -- cgit