s4-dsdb: allow specification of a SID if we are system
authorAndrew Tridgell <tridge@samba.org>
Thu, 7 Jan 2010 22:29:32 +0000 (09:29 +1100)
committerAndrew Tridgell <tridge@samba.org>
Fri, 8 Jan 2010 02:03:06 +0000 (13:03 +1100)
needed for samba3sam test

source4/dsdb/samdb/ldb_modules/samldb.c

index 79bfc0a15cb15cbbbf2b8b211a9f43a34bfacf0e..edaf7251b8f58a6c441c705d389febd30e8ef6e3 100644 (file)
@@ -901,7 +901,8 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
 
        /* don't allow objectSID to be specified without the RELAX control */
        ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
 
        /* don't allow objectSID to be specified without the RELAX control */
        ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
-       if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+       if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) &&
+           !dsdb_module_am_system(ac->module)) {
                ldb_asprintf_errstring(ldb, "No SID may be specified in user/group creation for %s",
                                       ldb_dn_get_linearized(ac->msg->dn));
                return LDB_ERR_UNWILLING_TO_PERFORM;
                ldb_asprintf_errstring(ldb, "No SID may be specified in user/group creation for %s",
                                       ldb_dn_get_linearized(ac->msg->dn));
                return LDB_ERR_UNWILLING_TO_PERFORM;