s4:auth/sam.c - specify the SID ignore case better

As per suggestion by metze.

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 6203b960c486d925caa0b8ee7af08e7383747150..cbaa2699c7a3327fd642f16a04c92e0374954c4a 100644 (file)
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -325,12 +325,18 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
        }
 
        status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
-       if (!NT_STATUS_IS_OK(status)) {
+       if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
                /* If we fail finding a SID then this is no error since it could
                 * be a non SAM object - e.g. a group with object class
                 * "groupOfNames" */
                talloc_free(tmp_ctx);
                return NT_STATUS_OK;
+       } else if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, (__location__ ": when parsing DN %s we failed to parse our SID component, so we cannot calculate the group token: %s\n",
+                         ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+                         nt_errstr(status)));
+               talloc_free(tmp_ctx);
+               return status;
        }
 
        if (!sam_ctx) {