summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-03-14 09:56:22 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-03-14 15:42:34 -0400
commitb46a9e1db77faceece974575e236da76dae3c159 (patch)
tree2f6ba30f7391b39bc87e4e01942e49b78c58e261 /src/providers/ldap
parent0112cf9f4a48494f1527018f86f762f2aff63f07 (diff)
downloadsssd-b46a9e1db77faceece974575e236da76dae3c159.tar.gz
sssd-b46a9e1db77faceece974575e236da76dae3c159.tar.bz2
sssd-b46a9e1db77faceece974575e236da76dae3c159.zip
Require existence of username, uid and gid for user enumeration
We will ignore users that do not have these three values.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id_enum.c30
1 files changed, 18 insertions, 12 deletions
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 42c29119..6899b87c 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -441,19 +441,25 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
state->op = op;
if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
- state->filter = talloc_asprintf(state,
- "(&(%s=*)(objectclass=%s)(%s>=%s)(!(%s=%s)))",
- ctx->opts->user_map[SDAP_AT_USER_NAME].name,
- ctx->opts->user_map[SDAP_OC_USER].name,
- ctx->opts->user_map[SDAP_AT_USER_USN].name,
- ctx->srv_opts->max_user_value,
- ctx->opts->user_map[SDAP_AT_USER_USN].name,
- ctx->srv_opts->max_user_value);
+ state->filter = talloc_asprintf(
+ state,
+ "(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
+ ctx->opts->user_map[SDAP_OC_USER].name,
+ ctx->opts->user_map[SDAP_AT_USER_NAME].name,
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
+ ctx->opts->user_map[SDAP_AT_USER_GID].name,
+ ctx->opts->user_map[SDAP_AT_USER_USN].name,
+ ctx->srv_opts->max_user_value,
+ ctx->opts->user_map[SDAP_AT_USER_USN].name,
+ ctx->srv_opts->max_user_value);
} else {
- state->filter = talloc_asprintf(state,
- "(&(%s=*)(objectclass=%s))",
- ctx->opts->user_map[SDAP_AT_USER_NAME].name,
- ctx->opts->user_map[SDAP_OC_USER].name);
+ state->filter = talloc_asprintf(
+ state,
+ "(&(objectclass=%s)(%s=*)(%s=*)(%s=*))",
+ ctx->opts->user_map[SDAP_OC_USER].name,
+ ctx->opts->user_map[SDAP_AT_USER_NAME].name,
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
+ ctx->opts->user_map[SDAP_AT_USER_GID].name);
}
if (!state->filter) {
DEBUG(2, ("Failed to build filter\n"));