ad05801 GPO: Add option ad_gpo_ignore_unreadable

5 files Authored by mzidek 2 years ago, Committed by jhrozek 2 years ago,
    GPO: Add option ad_gpo_ignore_unreadable
    
    Add option to ignore group policy containers in AD
    with unreadable or missing attributes. This is
    for the case when server contains GPOs that
    have very strict permissions on their attributes
    in AD but are unrelated to access control.
    
    Rather then using this option it is better to
    change the permissions on the AD objects but
    that may not be always possible (company policy,
    not access to server etc.).
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3867
    CVE-2018-16838
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    (cherry picked from commit 2f27dd9f05c2d3ed1c190ba387bc97738988efb0)
    
        
file modified
+1 -0
file modified
+19 -0
file modified
+1 -0
file modified
+63 -4
file modified
+1 -0