r5988: Fix the -P option (use machine account credentials) to use the Samba4

secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)

20 files changed, 181 insertions, 174 deletions

diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c
index 86669b9b30..6a968592bd 100644
--- a/source4/auth/auth_domain.c
+++ b/source4/auth/auth_domain.c
@@ -40,17 +40,6 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
 	struct netr_LogonSamLogon r;
 	struct netr_Authenticator auth, auth2;
 	struct netr_NetworkInfo ninfo;
-	const char *machine_account;
-	const char *password;
-	struct ldb_context *ldb;
-	int ldb_ret;
-	struct ldb_message **msgs;
-	const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN;
-	const char *attrs[] = {
-		"secret",
-		"samAccountName",
-		NULL
-	};
 
 	struct creds_CredentialState *creds;
 	struct cli_credentials *credentials;
@@ -63,50 +52,12 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
 	}
 
 	credentials = cli_credentials_init(mem_ctx);
+	status = cli_credentials_set_machine_account(credentials);
 
-	/* Fetch join password */
-
-	/* Local secrets are stored in secrets.ldb */
-	ldb = secrets_db_connect(mem_ctx);
-	if (!ldb) {
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-	}
-
-	/* search for the secret record */
-	ldb_ret = samdb_search(ldb,
-			       mem_ctx, base_dn, &msgs, attrs,
-			       "(&(flatname=%s)(objectclass=primaryDomain))", 
-			       lp_workgroup());
-	if (ldb_ret == 0) {
-		DEBUG(1, ("Could not find join record to domain: %s\n",
-			  lp_workgroup()));
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-	} else if (ldb_ret != 1) {
-		DEBUG(1, ("Found %d records matching flatname=%s under DN %s\n", ldb_ret, 
-			  lp_workgroup(), base_dn));
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
-	password = ldb_msg_find_string(msgs[0], "secret", NULL);
-	if (!password) {
-		DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
-			  lp_workgroup()));
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-	}
-		
-	machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL);
-	if (!machine_account) {
-		DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
-			  lp_workgroup()));
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
-	cli_credentials_set_username(credentials, machine_account, CRED_SPECIFIED);
-	cli_credentials_set_password(credentials, password, CRED_SPECIFIED);
-	
-	cli_credentials_guess(credentials);
-
 	/* Connect to DC (take a binding string for now) */
 
 	status = dcerpc_parse_binding(mem_ctx, binding, &b);
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 2a2a437ded..b2aeff78d8 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -214,7 +214,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
 
 	if (domain_name) {
 		/* find the domain's DN */
-		ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+		ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
 					  "(&(|(realm=%s)(name=%s))(objectclass=domain))", 
 					  domain_name, domain_name);
 		if (ret_domain == -1) {
@@ -237,7 +237,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
 	}
 
 	/* pull the user attributes */
-	ret = samdb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
+	ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
 			   "(&(sAMAccountName=%s)(objectclass=user))", 
 			   account_name);
 	if (ret == -1) {
@@ -264,7 +264,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
 		}
 
 		/* find the domain's DN */
-		ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+		ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
 					  "(&(objectSid=%s)(objectclass=domain))", 
 					  domain_sid);
 		if (ret_domain == -1) {
@@ -360,7 +360,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
 	uint_t rid;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
-	group_ret = samdb_search(sam_ctx,
+	group_ret = gendb_search(sam_ctx,
 				 tmp_ctx, NULL, &group_msgs, group_attrs,
 				 "(&(member=%s)(sAMAccountType=*))", 
 				 msgs[0]->dn);
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 4cebcfc692..6f9251dd32 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -37,26 +37,6 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx)
 }
 
 /*
-  search the sam for the specified attributes - varargs variant
-*/
-int samdb_search(struct ldb_context *sam_ldb,
-		 TALLOC_CTX *mem_ctx, 
-		 const char *basedn,
-		 struct ldb_message ***res,
-		 const char * const *attrs,
-		 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
-{
-	va_list ap;
-	int count;
-
-	va_start(ap, format);
-	count = gendb_search_v(sam_ldb, mem_ctx, basedn, res, attrs, format, ap);
-	va_end(ap);
-
-	return count;
-}
-
-/*
   search the sam for the specified attributes in a specific domain, filter on
   objectSid being in domain_sid.
 */
@@ -585,7 +565,7 @@ int samdb_copy_template(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
 	
 
 	/* pull the template record */
-	ret = samdb_search(sam_ldb, mem_ctx, NULL, &res, NULL, "%s", expression);
+	ret = gendb_search(sam_ldb, mem_ctx, NULL, &res, NULL, "%s", expression);
 	if (ret != 1) {
 		DEBUG(1,("samdb: ERROR: template '%s' matched %d records\n", 
 			 expression, ret));
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
index 08435e2731..77ddcbbdcd 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -44,7 +44,7 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ret = samdb_search(samctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
+	ret = gendb_search(samctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
 	if (ret != 1) {
 		talloc_free(sidstr);
 		/* not an error to not match */
diff --git a/source4/include/secrets.h b/source4/include/secrets.h
index 8b0d7801e6..09cb0dda69 100644
--- a/source4/include/secrets.h
+++ b/source4/include/secrets.h
@@ -59,4 +59,7 @@ struct machine_acct_pass {
 
 #define SECRETS_PRIMARY_DOMAIN_DN "cn=Primary Domains"
 
+#define SECRETS_PRIMARY_DOMAIN_FILTER "(&(flatname=%s)(objectclass=primaryDomain))"
+#define SECRETS_PRIMARY_REALM_FILTER "(&(realm=%s)(objectclass=primaryDomain))"
+
 #endif /* _SECRETS_H */
diff --git a/source4/lib/basic.mk b/source4/lib/basic.mk
index 29dbbd22c7..7d6847c465 100644
--- a/source4/lib/basic.mk
+++ b/source4/lib/basic.mk
@@ -65,8 +65,10 @@ ADD_OBJ_FILES = \
 		lib/unix_privs.o \
 		lib/db_wrap.o \
 		lib/gencache.o \
+		lib/gendb.o \
 		lib/credentials.o
 REQUIRED_SUBSYSTEMS = \
 		LIBLDB CHARSET LIBREPLACE LIBNETIF LIBCRYPTO EXT_LIB_DL LIBTALLOC
 # End SUBSYSTEM LIBBASIC
 ##############################
+
diff --git a/source4/lib/cmdline/config.mk b/source4/lib/cmdline/config.mk
index 803c81f273..831461b7f3 100644
--- a/source4/lib/cmdline/config.mk
+++ b/source4/lib/cmdline/config.mk
@@ -2,6 +2,6 @@
 # Start SUBSYSTEM LIBCMDLINE_CREDENTIALS
 [SUBSYSTEM::LIBCMDLINE_CREDENTIALS]
 ADD_OBJ_FILES = lib/cmdline/getsmbpass.o \
-				lib/cmdline/credentials.o
+		lib/cmdline/credentials.o
 # End SUBSYSTEM LIBCMDLINE_CREDENTIALS
 ##############################
diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c
index 7049ce65df..50e07d95e9 100644
--- a/source4/lib/cmdline/popt_common.c
+++ b/source4/lib/cmdline/popt_common.c
@@ -213,26 +213,7 @@ static void popt_common_credentials_callback(poptContext con,
 
 	case 'P':
 	        {
-			char *opt_password = NULL;
-			/* it is very useful to be able to make ads queries as the
-			   machine account for testing purposes and for domain leave */
-			
-			if (!secrets_init()) {
-				d_printf("ERROR: Unable to open secrets database\n");
-				exit(1);
-			}
-			
-			opt_password = secrets_fetch_machine_password(lp_workgroup());
-			
-			if (!opt_password) {
-				d_printf("ERROR: Unable to fetch machine password\n");
-				exit(1);
-			}
-			cmdline_credentials->username = talloc_asprintf(cmdline_credentials, "%s$", lp_netbios_name());
-			cmdline_credentials->username_obtained = CRED_SPECIFIED;
-			cli_credentials_set_password(cmdline_credentials, opt_password, CRED_SPECIFIED);
-			free(opt_password);
-			
+			cli_credentials_set_machine_account(cmdline_credentials);
 		}
 		/* machine accounts only work with kerberos */
 
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index 211cb9ce07..b997e6ae53 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -22,11 +22,23 @@
 
 #include "includes.h"
 #include "system/filesys.h"
+#include "lib/cmdline/popt_common.h"
+#include "include/secrets.h"
+#include "lib/ldb/include/ldb.h"
 
 /* Create a new credentials structure, on the specified TALLOC_CTX */
 struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) 
 {
-	return talloc_zero(mem_ctx, struct cli_credentials);
+	struct cli_credentails *cred = talloc_zero(mem_ctx, struct cli_credentials);
+	if (!cred) {
+		return cred;
+	}
+
+	cli_credentials_set_domain(cred, lp_workgroup(), CRED_GUESSED);
+	cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_GUESSED);
+	cli_credentials_set_realm(cred, lp_realm(), CRED_GUESSED);
+	
+	return cred;
 }
 
 const char *cli_credentials_get_username(struct cli_credentials *cred)
@@ -279,10 +291,6 @@ void cli_credentials_guess(struct cli_credentials *cred)
 {
 	char *p;
 
-	cli_credentials_set_domain(cred, lp_workgroup(), CRED_GUESSED);
-	cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_GUESSED);
-	cli_credentials_set_realm(cred, lp_realm(), CRED_GUESSED);
-
 	if (getenv("LOGNAME")) {
 		cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESSED);
 	}
@@ -311,6 +319,67 @@ void cli_credentials_guess(struct cli_credentials *cred)
 	}
 }
 
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *creds)
+{
+	TALLOC_CTX *mem_ctx = talloc_named(creds, 0, "cli_credentials fetch machine password");
+	
+	struct ldb_context *ldb;
+	int ldb_ret;
+	struct ldb_message **msgs;
+	const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN;
+	const char *attrs[] = {
+		"secret",
+		"samAccountName",
+		NULL
+	};
+	
+	const char *machine_account;
+	const char *password;
+	
+	/* Local secrets are stored in secrets.ldb */
+	ldb = secrets_db_connect(mem_ctx);
+	if (!ldb) {
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	/* search for the secret record */
+	ldb_ret = gendb_search(ldb,
+			       mem_ctx, base_dn, &msgs, attrs,
+			       SECRETS_PRIMARY_DOMAIN_FILTER, 
+			       cli_credentials_get_domain(creds));
+	if (ldb_ret == 0) {
+		DEBUG(1, ("Could not find join record to domain: %s\n",
+			  lp_workgroup()));
+		talloc_free(mem_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	} else if (ldb_ret != 1) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+	
+	password = ldb_msg_find_string(msgs[0], "secret", NULL);
+	if (!password) {
+		DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
+			  cli_credentials_get_domain(creds)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+	
+	machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL);
+	if (!machine_account) {
+		DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
+			  cli_credentials_get_domain(creds)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+	
+	cli_credentials_set_username(creds, machine_account, CRED_SPECIFIED);
+	cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+	talloc_free(mem_ctx);
+	
+	return NT_STATUS_OK;
+}
+
 /* Fill in a credentails structure as anonymous */
 void cli_credentials_set_anonymous(struct cli_credentials *cred) 
 {
diff --git a/source4/rpc_server/common/gendb.c b/source4/lib/gendb.c
index bca1b823c2..befdd63c9e 100644
--- a/source4/rpc_server/common/gendb.c
+++ b/source4/lib/gendb.c
@@ -57,3 +57,24 @@ int gendb_search_v(struct ldb_context *ldb,
 
 	return count;
 }
+
+/*
+  search the LDB for the specified attributes - varargs variant
+*/
+int gendb_search(struct ldb_context *sam_ldb,
+		 TALLOC_CTX *mem_ctx, 
+		 const char *basedn,
+		 struct ldb_message ***res,
+		 const char * const *attrs,
+		 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
+{
+	va_list ap;
+	int count;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, res, attrs, format, ap);
+	va_end(ap);
+
+	return count;
+}
+
diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/libcli/auth/kerberos_verify.c
index 2aef38fcd9..6e7907fc43 100644
--- a/source4/libcli/auth/kerberos_verify.c
+++ b/source4/libcli/auth/kerberos_verify.c
@@ -204,9 +204,9 @@ static krb5_error_code ads_secrets_verify_ticket(TALLOC_CTX *mem_ctx, krb5_conte
 	}
 
 	/* search for the secret record */
-	ldb_ret = samdb_search(ldb,
+	ldb_ret = gendb_search(ldb,
 			       mem_ctx, base_dn, &msgs, attrs,
-			       "(&(realm=%s)(objectclass=primaryDomain))", 
+			       SECRETS_PRIMARY_REALM_FILTER,
 			       lp_realm());
 	if (ldb_ret == 0) {
 		DEBUG(1, ("Could not find domain join record for %s\n",
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 1186853520..1f02cc83b6 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -24,6 +24,7 @@
 #include "librpc/gen_ndr/ndr_samr.h"
 #include "lib/crypto/crypto.h"
 #include "lib/ldb/include/ldb.h"
+#include "include/secrets.h"
 
 /*
  * do a domain join using DCERPC/SAMR calls
@@ -373,9 +374,9 @@ static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx,
 	msg = ldb_msg_new(mem_ctx);
 
 	/* search for the secret record */
-	ret = samdb_search(ldb,
+	ret = gendb_search(ldb,
 			   mem_ctx, base_dn, &msgs, attrs,
-			   "(&(flatname=%s)(objectclass=primaryDomain))", 
+			   SECRETS_PRIMARY_DOMAIN_FILTER,
 			   r->generic.in.domain_name);
 	if (ret == 0) {
 		msg->dn = talloc_asprintf(mem_ctx, "flatname=%s,%s", 
diff --git a/source4/ntvfs/common/sidmap.c b/source4/ntvfs/common/sidmap.c
index 2a530c4a6b..a39ee2f0eb 100644
--- a/source4/ntvfs/common/sidmap.c
+++ b/source4/ntvfs/common/sidmap.c
@@ -102,7 +102,7 @@ static NTSTATUS sidmap_primary_domain_sid(struct sidmap_context *sidmap,
 	int ret;
 	struct ldb_message **res;
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "(&(objectClass=domain)(name=%s))", lp_workgroup());
 	if (ret != 1) {
 		talloc_free(ctx);
@@ -148,7 +148,7 @@ NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "objectSid=%s", sidstr);
 	if (ret != 1) {
 		goto allocated_sid;
@@ -247,7 +247,7 @@ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "objectSid=%s", sidstr);
 	if (ret != 1) {
 		goto allocated_sid;
@@ -360,7 +360,7 @@ NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
                   given uid
 	*/
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "unixID=%u", (unsigned int)uid);
 	for (i=0;i<ret;i++) {
 		const char *sidstr;
@@ -387,7 +387,7 @@ NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
 		goto allocate_sid;
 	}
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "(|(unixName=%s)(sAMAccountName=%s))", 
 			   pwd->pw_name, pwd->pw_name);
 	for (i=0;i<ret;i++) {
@@ -472,7 +472,7 @@ NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
                   given gid
 	*/
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "unixID=%u", (unsigned int)gid);
 	for (i=0;i<ret;i++) {
 		const char *sidstr;
@@ -499,7 +499,7 @@ NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
 		goto allocate_sid;
 	}
 
-	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
+	ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs, 
 			   "(|(unixName=%s)(sAMAccountName=%s))", 
 			   grp->gr_name, grp->gr_name);
 	for (i=0;i<ret;i++) {
diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index 765f2237bc..a3dfd3de51 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -5,8 +5,7 @@
 [SUBSYSTEM::DCERPC_COMMON]
 ADD_OBJ_FILES = \
 		rpc_server/common/server_info.o \
-		rpc_server/common/share_info.o \
-		rpc_server/common/gendb.o
+		rpc_server/common/share_info.o
 #
 # End SUBSYSTEM DCERPC_COMMON
 ################################################
diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c
index 47a4715cf8..65da137356 100644
--- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c
+++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c
@@ -143,7 +143,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX
 	}
 
 	/* if we have a domain_filter look it up and set the result_basedn and the dns_domain_name */
-	ret = samdb_search(b_state->sam_ctx, mem_ctx, NULL, &domain_res, domain_attrs,
+	ret = gendb_search(b_state->sam_ctx, mem_ctx, NULL, &domain_res, domain_attrs,
 				"%s", domain_filter);
 	switch (ret) {
 		case 1:
@@ -166,7 +166,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX
 	if (result_filter) {
 		result_basedn = samdb_result_string(domain_res[0], "dn", NULL);
 
-		ret = samdb_search(b_state->sam_ctx, mem_ctx, result_basedn, &result_res,
+		ret = gendb_search(b_state->sam_ctx, mem_ctx, result_basedn, &result_res,
 					result_attrs, "%s", result_filter);
 		switch (ret) {
 			case 1:
diff --git a/source4/rpc_server/dssetup/dcesrv_dssetup.c b/source4/rpc_server/dssetup/dcesrv_dssetup.c
index 5df9c4fc0b..fa219343c1 100644
--- a/source4/rpc_server/dssetup/dcesrv_dssetup.c
+++ b/source4/rpc_server/dssetup/dcesrv_dssetup.c
@@ -87,7 +87,7 @@ static WERROR dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state
 				return WERR_SERVER_UNAVAILABLE;
 			}
 
-			ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
+			ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
 					   "(&(objectClass=domainDNS)(!(objectClass=builtinDomain)))");
 			if (ret != 1) {
 				return WERR_SERVER_UNAVAILABLE;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 2e1a621eee..ea803559c4 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -359,7 +359,7 @@ static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CT
 	int ret;
 	struct ldb_message **res;
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "dn=%s", state->domain_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -381,7 +381,7 @@ static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx
 	int ret;
 	struct ldb_message **res;
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "dn=%s", state->domain_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -496,7 +496,7 @@ static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 	state = h->data;
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, state->builtin_dn, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, state->builtin_dn, &res, attrs, 
 			   "privilege=*");
 	if (ret <= 0) {
 		return NT_STATUS_NO_SUCH_USER;
@@ -600,7 +600,7 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL
 	}
 
 	/* search for the trusted_domain record */
-	ret = samdb_search(trusted_domain_state->policy->sam_ldb,
+	ret = gendb_search(trusted_domain_state->policy->sam_ldb,
 			   mem_ctx, policy_state->system_dn, &msgs, attrs,
 			   "(&(cn=%s)(objectclass=trustedDomain))", 
 			   r->in.info->name.string);
@@ -700,7 +700,7 @@ static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC
 	}
 
 	/* search for the trusted_domain record */
-	ret = samdb_search(trusted_domain_state->policy->sam_ldb,
+	ret = gendb_search(trusted_domain_state->policy->sam_ldb,
 			   mem_ctx, policy_state->system_dn, &msgs, attrs,
 			   "(&(securityIdentifier=%s)(objectclass=trustedDomain))", 
 			   sid_string);
@@ -765,7 +765,7 @@ static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
 	trusted_domain_state->policy = policy_state;
 
 	/* search for the trusted_domain record */
-	ret = samdb_search(trusted_domain_state->policy->sam_ldb,
+	ret = gendb_search(trusted_domain_state->policy->sam_ldb,
 			   mem_ctx, policy_state->system_dn, &msgs, attrs,
 			   "(&(flatname=%s)(objectclass=trustedDomain))", 
 			   r->in.name.string);
@@ -850,7 +850,7 @@ static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, T
 	trusted_domain_state = h->data;
 
 	/* pull all the user attributes */
-	ret = samdb_search(trusted_domain_state->policy->sam_ldb, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(trusted_domain_state->policy->sam_ldb, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", trusted_domain_state->trusted_domain_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -970,7 +970,7 @@ static NTSTATUS lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 	/* search for all users in this domain. This could possibly be cached and 
 	   resumed based on resume_key */
-	count = samdb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, 
+	count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, 
 			     "objectclass=trustedDomain");
 	if (count == -1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -1105,7 +1105,7 @@ static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_c
 	const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
 	NTSTATUS status;
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "objectSid=%s", sid_str);
 	if (ret == 1) {
 		*name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
@@ -1373,7 +1373,7 @@ static NTSTATUS lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
 	r->out.privs->unknown = 0;
 	r->out.privs->set = NULL;
 
-	ret = samdb_search(astate->policy->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(astate->policy->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "dn=%s", astate->account_dn);
 	if (ret != 1) {
 		return NT_STATUS_OK;
@@ -1429,7 +1429,7 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "objectSid=%s", sidstr);
 	if (ret != 1) {
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -1746,7 +1746,7 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 		name2 = talloc_asprintf(mem_ctx, "%s Secret", name);
 		/* search for the secret record */
-		ret = samdb_search(secret_state->sam_ldb,
+		ret = gendb_search(secret_state->sam_ldb,
 				   mem_ctx, policy_state->system_dn, &msgs, attrs,
 				   "(&(cn=%s)(objectclass=secret))", 
 				   name2);
@@ -1776,7 +1776,7 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 		secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
 		/* search for the secret record */
-		ret = samdb_search(secret_state->sam_ldb,
+		ret = gendb_search(secret_state->sam_ldb,
 				   mem_ctx, "cn=LSA Secrets", &msgs, attrs,
 				   "(&(cn=%s)(objectclass=secret))", 
 				   name);
@@ -1872,7 +1872,7 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 		}
 
 		/* search for the secret record */
-		ret = samdb_search(secret_state->sam_ldb,
+		ret = gendb_search(secret_state->sam_ldb,
 				   mem_ctx, policy_state->system_dn, &msgs, attrs,
 				   "(&(cn=%s Secret)(objectclass=secret))", 
 				   name);
@@ -1895,7 +1895,7 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 		}
 
 		/* search for the secret record */
-		ret = samdb_search(secret_state->sam_ldb,
+		ret = gendb_search(secret_state->sam_ldb,
 				   mem_ctx, "cn=LSA Secrets", &msgs, attrs,
 				   "(&(cn=%s)(objectclass=secret))", 
 				   name);
@@ -2048,7 +2048,7 @@ static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
 			};
 			
 			/* search for the secret record */
-			ret = samdb_search(secret_state->sam_ldb,
+			ret = gendb_search(secret_state->sam_ldb,
 					   mem_ctx, NULL, &res, attrs,
 					   "(dn=%s)", secret_state->secret_dn);
 			if (ret == 0) {
@@ -2121,7 +2121,7 @@ static NTSTATUS lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 	secret_state = h->data;
 
 	/* pull all the user attributes */
-	ret = samdb_search(secret_state->sam_ldb, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(secret_state->sam_ldb, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", secret_state->secret_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2340,7 +2340,7 @@ static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, 
 			   "privilege=%s", privname);
 	if (ret <= 0) {
 		return NT_STATUS_NO_SUCH_USER;
@@ -2541,7 +2541,7 @@ static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_
 		name = p + 1;
 	}
 
-	ret = samdb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
+	ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
 	if (ret == 1) {
 		const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
 		if (sid_str == NULL) {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6a29bf7db8..0b6106d485 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -152,7 +152,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 	/* pull the user attributes */
-	num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
+	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
 				   r->in.account_name);
 
@@ -327,7 +327,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 	/* pull the user attributes */
-	num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
+	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
 				   pipe_state->creds->account_name);
 	if (num_records == -1) {
@@ -353,7 +353,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
 	}
 
 	/* find the domain's DN */
-	num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL, 
+	num_records_domain = gendb_search(sam_ctx, mem_ctx, NULL, 
 					  &msgs_domain, domain_attrs,
 					  "(&(objectSid=%s)(objectclass=domain))", 
 					  domain_sid);
@@ -951,12 +951,12 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL
 	   primary domain is also a "trusted" domain, so we need to
 	   put the primary domain into the lists of returned trusts as
 	   well */
-	ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
+	ret1 = gendb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
 	if (ret1 != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
+	ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
 	if (ret2 == -1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
@@ -1030,7 +1030,7 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 	/* pull the user attributes */
-	num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
+	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
 				   pipe_state->creds->account_name);
 	if (num_records == -1) {
@@ -1056,7 +1056,7 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
 	}
 
 	/* find the domain's DN */
-	num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL, 
+	num_records_domain = gendb_search(sam_ctx, mem_ctx, NULL, 
 					  &msgs_domain, domain_attrs,
 					  "(&(objectSid=%s)(objectclass=domain))", 
 					  domain_sid);
@@ -1160,7 +1160,7 @@ static WERROR netr_DrsGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CT
 		return WERR_DS_SERVICE_UNAVAILABLE;
 	}
 
-	ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
 				"(&(objectClass=domainDNS)(dnsDomain=%s))",
 				r->in.domain_name);
 	if (ret != 1) {
@@ -1248,7 +1248,7 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call,
 		return WERR_GENERAL_FAILURE;
 	}
 
-	ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
+	ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
 	if (ret == -1) {
 		return WERR_GENERAL_FAILURE;		
 	}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 44f3890e44..41074b4128 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -288,7 +288,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	ret = samdb_search(c_state->sam_ctx,
+	ret = gendb_search(c_state->sam_ctx,
 			   mem_ctx, NULL, &msgs, attrs,
 			   "(&(objectSid=%s)(objectclass=domain))", 
 			   sidstr);
@@ -343,7 +343,7 @@ static NTSTATUS samr_info_DomInfo1(struct samr_domain_state *state,
 	int ret;
 	struct ldb_message **res;
 
-	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
 			   "dn=%s", state->domain_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -373,7 +373,7 @@ static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *
 	int ret;
 	struct ldb_message **res;
 
-	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+	ret = gendb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
 			   "dn=%s", state->domain_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -887,7 +887,7 @@ static NTSTATUS samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, TALLOC_
 	
 	/* search for all users in this domain. This could possibly be cached and 
 	   resumed based on resume_key */
-	count = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, 
+	count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, 
 			     "objectclass=user");
 	if (count == -1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -1288,7 +1288,7 @@ static NTSTATUS samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX
 		r->out.rids.ids[i] = 0;
 		r->out.types.ids[i] = SID_NAME_UNKNOWN;
 
-		count = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, 
+		count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, 
 				     "sAMAccountName=%s", r->in.names[i].string);
 		if (count != 1) {
 			status = STATUS_SOME_UNMAPPED;
@@ -1367,7 +1367,7 @@ static NTSTATUS samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
 		ids[i] = SID_NAME_UNKNOWN;
 
-		count = samdb_search(d_state->sam_ctx, mem_ctx,
+		count = gendb_search(d_state->sam_ctx, mem_ctx,
 				     d_state->domain_dn, &res, attrs,
 				     "(objectSid=%s-%u)", d_state->domain_sid,
 				     r->in.rids[i]);
@@ -1431,7 +1431,7 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	}
 
 	/* search for the group record */
-	ret = samdb_search(d_state->sam_ctx,
+	ret = gendb_search(d_state->sam_ctx,
 			   mem_ctx, d_state->domain_dn, &msgs, attrs,
 			   "(&(objectSid=%s)(objectclass=group)"
 			   "(grouptype=%s))",
@@ -1547,7 +1547,7 @@ static NTSTATUS samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_C
 	a_state = h->data;
 
 	/* pull all the group attributes */
-	ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", a_state->account_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -1667,7 +1667,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
 
 	/* In native mode, AD can also nest domain groups. Not sure yet
 	 * whether this is also available via RPC. */
-	ret = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
 			   &msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
 			   membersidstr);
 
@@ -1755,7 +1755,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
 
 	/* In native mode, AD can also nest domain groups. Not sure yet
 	 * whether this is also available via RPC. */
-	ret = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
 			   &msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
 			   membersidstr);
 
@@ -1807,7 +1807,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC
 	a_state = h->data;
 
 	/* pull the member attribute */
-	ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", a_state->account_dn);
 
 	if (ret != 1) {
@@ -1841,7 +1841,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC
 		for (i=0; i<el->num_values; i++) {
 			struct ldb_message **res2;
 			const char * const attrs2[2] = { "objectSid", NULL };
-			ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL,
+			ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL,
 					   &res2, attrs2, "dn=%s",
 					   (char *)el->values[i].data);
 			if (ret != 1)
@@ -1902,7 +1902,7 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 		return NT_STATUS_NO_MEMORY;
 
 	/* search for the group record */
-	ret = samdb_search(d_state->sam_ctx,
+	ret = gendb_search(d_state->sam_ctx,
 			   mem_ctx, d_state->domain_dn, &msgs, attrs,
 			   "(&(objectSid=%s)(objectclass=group)"
 			   "(|(grouptype=%s)(grouptype=%s)))",
@@ -1973,7 +1973,7 @@ static NTSTATUS samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_C
 	a_state = h->data;
 
 	/* pull all the alias attributes */
-	ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", a_state->account_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2092,7 +2092,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
 	if (sidstr == NULL)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	ret = samdb_search(d_state->sam_ctx, mem_ctx, NULL,
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL,
 			   &msgs, attrs, "(objectsid=%s)", sidstr);
 
 	if (ret == 1) {
@@ -2269,7 +2269,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO
 	a_state = h->data;
 	d_state = a_state->domain_state;
 
-	ret = samdb_search(d_state->sam_ctx, mem_ctx, NULL, &msgs, attrs,
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL, &msgs, attrs,
 			   "dn=%s", a_state->account_dn);
 
 	if (ret != 1)
@@ -2292,7 +2292,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO
 		for (i=0; i<el->num_values; i++) {
 			struct ldb_message **msgs2;
 			const char * const attrs2[2] = { "objectSid", NULL };
-			ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL,
+			ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL,
 					   &msgs2, attrs2, "dn=%s",
 					   (char *)el->values[i].data);
 			if (ret != 1)
@@ -2339,7 +2339,7 @@ static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
 	}
 
 	/* search for the user record */
-	ret = samdb_search(d_state->sam_ctx,
+	ret = gendb_search(d_state->sam_ctx,
 			   mem_ctx, d_state->domain_dn, &msgs, attrs,
 			   "(&(objectSid=%s)(objectclass=user))", 
 			   sidstr);
@@ -2431,7 +2431,7 @@ static NTSTATUS samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CT
 	a_state = h->data;
 
 	/* pull all the user attributes */
-	ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, NULL,
+	ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL, &res, NULL,
 			   "dn=%s", a_state->account_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -3362,7 +3362,7 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 
-	ret = samdb_search(sam_ctx, 
+	ret = gendb_search(sam_ctx, 
 			   mem_ctx, NULL, &msgs, attrs, 
 			   "(&(name=%s)(objectclass=domain))",
 			   lp_workgroup());
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 468f02d831..f5390cc1d5 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -50,7 +50,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
 	a_state = h->data;
 
 	/* fetch the old hashes */
-	ret = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
+	ret = gendb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs,
 			   "dn=%s", a_state->account_dn);
 	if (ret != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -167,7 +167,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
 	/* we need the users dn and the domain dn (derived from the
 	   user SID). We also need the current lm password hash in
 	   order to decrypt the incoming password */
-	ret = samdb_search(sam_ctx, 
+	ret = gendb_search(sam_ctx, 
 			   mem_ctx, NULL, &res, attrs,
 			   "(&(sAMAccountName=%s)(objectclass=user))",
 			   r->in.account->string);
@@ -295,7 +295,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	/* we need the users dn and the domain dn (derived from the
 	   user SID). We also need the current lm and nt password hashes
 	   in order to decrypt the incoming passwords */
-	ret = samdb_search(sam_ctx, 
+	ret = gendb_search(sam_ctx, 
 			   mem_ctx, NULL, &res, attrs,
 			   "(&(sAMAccountName=%s)(objectclass=user))",
 			   r->in.account->string);
@@ -400,7 +400,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	return NT_STATUS_OK;
 
 failed:
-	ret = samdb_search(sam_ctx, 
+	ret = gendb_search(sam_ctx, 
 			   mem_ctx, NULL, &res, dom_attrs,
 			   "dn=%s", domain_dn);
 
@@ -517,7 +517,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
 	unix_to_nt_time(&now_nt, now);
 
 	/* pull all the user parameters */
-	count = samdb_search(ctx, mem_ctx, NULL, &res, user_attrs, "dn=%s", user_dn);
+	count = gendb_search(ctx, mem_ctx, NULL, &res, user_attrs, "dn=%s", user_dn);
 	if (count != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
@@ -533,7 +533,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
 	pwdLastSet =         samdb_result_uint64(res[0], "pwdLastSet", 0);
 
 	/* pull the domain parameters */
-	count = samdb_search(ctx, mem_ctx, NULL, &res, domain_attrs, "dn=%s", domain_dn);
+	count = gendb_search(ctx, mem_ctx, NULL, &res, domain_attrs, "dn=%s", domain_dn);
 	if (count != 1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}