s4-dsdb: prioritise GUID in extended_dn_in
authorAndrew Tridgell <tridge@samba.org>
Wed, 22 Jun 2011 07:07:39 +0000 (17:07 +1000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 22 Jun 2011 09:16:26 +0000 (11:16 +0200)
If we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/samdb/ldb_modules/extended_dn_in.c

index e2bb0de0540a03b9fb56eeea41b8fbfb4b35273f..9a70d9a3dbb5c8eded131a26727d5ac623f4bc2f 100644 (file)
@@ -315,30 +315,33 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
                guid_val = ldb_dn_get_extended_component(dn, "GUID");
                wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
 
-               if (sid_val) {
+               /*
+                 prioritise the GUID - we have had instances of
+                 duplicate SIDs in the database in the
+                 ForeignSecurityPrinciples due to provision errors
+                */
+               if (guid_val) {
                        all_partitions = true;
                        base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
-                       base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", 
-                                                        ldb_binary_encode(req, *sid_val));
+                       base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
+                                                        ldb_binary_encode(req, *guid_val));
                        if (!base_dn_filter) {
                                return ldb_oom(ldb_module_get_ctx(module));
                        }
                        base_dn_scope = LDB_SCOPE_SUBTREE;
                        base_dn_attrs = no_attr;
 
-               } else if (guid_val) {
-
+               } else if (sid_val) {
                        all_partitions = true;
                        base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
-                       base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", 
-                                                        ldb_binary_encode(req, *guid_val));
+                       base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
+                                                        ldb_binary_encode(req, *sid_val));
                        if (!base_dn_filter) {
                                return ldb_oom(ldb_module_get_ctx(module));
                        }
                        base_dn_scope = LDB_SCOPE_SUBTREE;
                        base_dn_attrs = no_attr;
 
-
                } else if (wkguid_val) {
                        char *wkguid_dup;
                        char *tail_str;