diff options
| author | Andrew Tridgell <tridge@samba.org> | 2011-09-29 17:43:25 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2011-10-04 15:08:57 +1100 |
| commit | 0c944d07dc534694729a1ae85d3f28206c6c0c40 (patch) | |
| tree | 418542cac23c6c70e621b730b5d688b3ce83d98d | |
| parent | aee896ad98edf80a62e586beabffeea02e004585 (diff) | |
| download | samba-0c944d07dc534694729a1ae85d3f28206c6c0c40.tar.gz samba-0c944d07dc534694729a1ae85d3f28206c6c0c40.tar.bz2 samba-0c944d07dc534694729a1ae85d3f28206c6c0c40.zip | |
s4-sam: don't look in GC NCs for user accounts
We need to exclude GC partial replica naming contexts from SAM lookups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | source4/auth/sam.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 24a40fc292..767e44c45d 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -493,7 +493,9 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, /* pull the user attributes */ ret = dsdb_search_one(sam_ctx, tmp_ctx, msg, user_dn, - LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)"); + LDB_SCOPE_BASE, attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG, + "(objectClass=*)"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -540,7 +542,9 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx, int ret; /* pull the user attributes */ ret = dsdb_search_one(sam_ctx, tmp_ctx, &msg, user_dn, - LDB_SCOPE_BASE, user_attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)"); + LDB_SCOPE_BASE, user_attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG, + "(objectClass=*)"); if (ret == LDB_ERR_NO_SUCH_OBJECT) { talloc_free(tmp_ctx); return NT_STATUS_NO_SUCH_USER; |