r4994: Patch from abartlet:

When migrating account policies to ldapsam, handle the fact that an
admin might have changed the default location of the sambaDomain-object
after installation.

Guenther
(This used to be commit 78c3c7127444b8f9959f4d6ce9e540271869d70f)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 2994b06ef0a9785552cbe1345ea26d95aa2577b4..0d680db2be7d4eda80588775cc415204beb78430 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -96,6 +96,8 @@ struct ldapsam_privates {
        
        /* configuration items */
        int schema_ver;
+
+       char *domain_dn;
 };
 
 /**********************************************************************
@@ -2885,7 +2887,7 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int poli
        LDAPMessage *entry = NULL;
        int count;
        int rc;
-       pstring filter, base;
+       pstring filter;
        char **vals;
        const char *policy_string = NULL;
        int tmp_val;
@@ -2915,12 +2917,13 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int poli
                     LDAP_OBJ_ACCOUNT_POLICY, 
                     get_attr_key2string(acctpol_attr_list,
                                         LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-
-       pstr_sprintf(base, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), 
-               get_global_sam_name(), lp_ldap_suffix());
+       
+       if (!ldap_state->domain_dn) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
 search:                
-       rc = smbldap_search(ldap_state->smbldap_state, base,
+       rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
                            LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
 
        if (rc != LDAP_SUCCESS) 
@@ -2995,7 +2998,7 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
        LDAPMessage *entry = NULL;
        int count;
        int rc;
-       pstring filter, base, dn;
+       pstring filter, dn;
        int modop;
        LDAPMod **mods = NULL;
        fstring value_string;
@@ -3029,10 +3032,11 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
                     get_attr_key2string(acctpol_attr_list,
                                         LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
 
-       pstr_sprintf(base, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), 
-               get_global_sam_name(), lp_ldap_suffix());
-               
-       rc = smbldap_search(ldap_state->smbldap_state, base,
+       if (!ldap_state->domain_dn) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
                            LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
 
        if (rc != LDAP_SUCCESS) 
@@ -3069,10 +3073,9 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
 
                modop = LDAP_MOD_ADD;
 
-               pstr_sprintf(dn, "%s=%s,%s=%s,%s",
+               pstr_sprintf(dn, "%s=%s,%s",
                        get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
-                       get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(),
-                       lp_ldap_suffix());
+                       ldap_state->domain_dn);
 
                smbldap_set_mod( &mods, modop, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
 
@@ -3131,6 +3134,9 @@ static void free_private_data(void **vp)
                ldap_msgfree((*ldap_state)->result);
                (*ldap_state)->result = NULL;
        }
+       if ((*ldap_state)->domain_dn != NULL) {
+               SAFE_FREE((*ldap_state)->domain_dn);
+       }
 
        *ldap_state = NULL;
 
@@ -3252,6 +3258,7 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
        DOM_SID ldap_domain_sid;
        DOM_SID secrets_domain_sid;
        pstring domain_sid_string;
+       char *dn;
 
        if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
                return nt_status;
@@ -3289,6 +3296,12 @@ and will risk BDCs having inconsistant SIDs\n"));
                return NT_STATUS_UNSUCCESSFUL;
        }
 
+       dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+       if (!dn) {
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+
+       ldap_state->domain_dn = smb_xstrdup(dn);
        if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
                                 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), 
                                 domain_sid_string)) {