dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object

This may allow further processing when the DN normalisation has changed
which changes the indexing, such as seen after fixes for bug 14656.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14902

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f621317e3b25a8925ab6e448068264488a0a47c7)

diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 11b87bdf5ca85b5cfa88e0742063427bde92ebb0..2b3cd2d7954576ff300e5e458e6c42fc7ac13f35 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1408,7 +1408,7 @@ static const struct op_attributes_replace search_sub[] = {
        { "tokenGroups", "primaryGroupID", objectSid_attr, construct_token_groups },
        { "tokenGroupsNoGCAcceptable", "primaryGroupID", objectSid_attr, construct_token_groups_no_gc},
        { "tokenGroupsGlobalAndUniversal", "primaryGroupID", objectSid_attr, construct_global_universal_token_groups },
-       { "parentGUID", NULL, NULL, construct_parent_guid },
+       { "parentGUID", "objectGUID", NULL, construct_parent_guid },
        { "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry },
        { "msDS-isRODC", "objectClass", objectCategory_attr, construct_msds_isrodc },
        { "msDS-KeyVersionNumber", "replPropertyMetaData", NULL, construct_msds_keyversionnumber },

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index fbeab0b182543fc552279b5b9e23111078cb40e0..ab506cec488f7ee60ea85631a02773cc91841a9b 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -6925,7 +6925,18 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
                                   ar->req);
        LDB_REQ_SET_LOCATION(search_req);
 
-       ret = dsdb_request_add_controls(search_req, DSDB_SEARCH_SHOW_RECYCLED);
+       /*
+        * We set DSDB_SEARCH_SHOW_EXTENDED_DN to get the GUID on the
+        * DN.  This in turn helps our operational module find the
+        * record by GUID, not DN lookup which is more error prone if
+        * DN indexing changes.  We prefer to keep chasing GUIDs
+        * around if possible, even within a transaction.
+        *
+        * The aim here is to keep replication moving and allow a
+        * reindex later.
+        */
+       ret = dsdb_request_add_controls(search_req, DSDB_SEARCH_SHOW_RECYCLED
+                                       |DSDB_SEARCH_SHOW_EXTENDED_DN);
 
        if (ret != LDB_SUCCESS) {
                return ret;