s3:idmap: fix sid_to_unixid for builtin and own domain.

The old idmap code created a new mapping if asking the backends failed.
Now with the new layering, if passdb (which is used for our own domain
and builtin), then we need to continue and ask the backends, giving
tdb or whatever the default backend is a chance to create a mapping.

diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index bfa2bbccc47bd265798e0415bc50b02311b63b7d..2a4e2a5a43542c1d532edda7c5cc8f13dfc3d66b 100644 (file)
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -616,13 +616,23 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
        maps[1] = NULL;
 
        if (sid_check_is_in_builtin(id->sid)
-           || (sid_check_is_in_our_domain(id->sid))) {
+           || (sid_check_is_in_our_domain(id->sid)))
+       {
+               NTSTATUS status;
+
+               DEBUG(10, ("asking passdb...\n"));
 
                dom = idmap_init_passdb_domain(NULL);
                if (dom == NULL) {
                        return NT_STATUS_NONE_MAPPED;
                }
-               return dom->methods->sids_to_unixids(dom, maps);
+               status = dom->methods->sids_to_unixids(dom, maps);
+
+               if (NT_STATUS_IS_OK(status) && id->status == ID_MAPPED) {
+                       return status;
+               }
+
+               DEBUG(10, ("passdb could not map, asking backends...\n"));
        }
 
        dom = idmap_find_domain(domain);