Merge branch 'master' of ssh://git.samba.org/data/git/samba

11 files changed, 296 insertions, 52 deletions

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 69e456274c..2161286e08 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -657,6 +657,28 @@ uint32_t samdb_result_acct_flags(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ct
 	return acct_flags;
 }
 
+struct lsa_BinaryString samdb_result_parameters(TALLOC_CTX *mem_ctx,
+						struct ldb_message *msg,
+						const char *attr)
+{
+	struct lsa_BinaryString s;
+	const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
+
+	ZERO_STRUCT(s);
+
+	if (!val) {
+		return s;
+	}
+
+	s.array = talloc_array(mem_ctx, uint16_t, val->length/2);
+	if (!s.array) {
+		return s;
+	}
+	s.length = s.size = val->length/2;
+	memcpy(s.array, val->data, val->length);
+
+	return s;
+}
 
 /* Find an attribute, with a particular value */
 
@@ -897,6 +919,17 @@ int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
 }
 
 /*
+  add a parameters element to a message
+*/
+int samdb_msg_add_parameters(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			     const char *attr_name, struct lsa_BinaryString *parameters)
+{
+	struct ldb_val val;
+	val.length = parameters->length * 2;
+	val.data = (uint8_t *)parameters->array;
+	return ldb_msg_add_value(msg, attr_name, &val, NULL);
+}
+/*
   add a general value element to a message
 */
 int samdb_msg_add_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index 8bc8b6e000..bd188192a0 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -6,7 +6,7 @@ mkinclude samdb/ldb_modules/config.mk
 # Start SUBSYSTEM SAMDB
 [SUBSYSTEM::SAMDB]
 PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 
-PRIVATE_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS NSS_WRAPPER \
+PRIVATE_DEPENDENCIES = LIBNDR NDR_DRSUAPI NDR_DRSBLOBS NSS_WRAPPER \
 					   auth_system_session LDAP_ENCODE LIBCLI_AUTH LIBNDR \
 					   SAMDB_SCHEMA LDB_WRAP SAMDB_COMMON
 
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 00e4f1af92..1387066256 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -2,7 +2,7 @@
 # Start MODULE ldb_objectguid
 [MODULE::ldb_objectguid]
 SUBSYSTEM = LIBLDB
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR
 INIT_FUNCTION = LDB_MODULE(objectguid)
 # End MODULE ldb_objectguid
 ################################################
@@ -14,7 +14,7 @@ ldb_objectguid_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectguid.o
 [MODULE::ldb_repl_meta_data]
 SUBSYSTEM = LIBLDB
 PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS \
-			LIBNDR NDR_MISC NDR_DRSUAPI \
+			LIBNDR NDR_DRSUAPI \
 			NDR_DRSBLOBS LIBNDR
 INIT_FUNCTION = LDB_MODULE(repl_meta_data)
 # End MODULE ldb_repl_meta_data
@@ -75,7 +75,7 @@ ldb_pdc_fsmo_OBJ_FILES = \
 # Start MODULE ldb_samldb
 [MODULE::ldb_samldb]
 SUBSYSTEM = LIBLDB
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE NDR_MISC SAMDB
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE SAMDB
 INIT_FUNCTION = LDB_MODULE(samldb)
 #
 # End MODULE ldb_samldb
@@ -102,7 +102,7 @@ ldb_samba3sam_OBJ_FILES = \
 [MODULE::ldb_simple_ldap_map]
 SUBSYSTEM = LIBLDB
 INIT_FUNCTION = LDB_MODULE(entryuuid),LDB_MODULE(nsuniqueid)
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR
 ENABLE = YES
 ALIASES = entryuuid nsuniqueid
 # End MODULE ldb_entryuuid
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index dd199c0137..f16eb215a6 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -249,10 +249,14 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
 		return ldb_next_request(module, req);
 	}
 
-	/* start with the first one */
-	return la_do_mod_request(ac);
+	/* start with the original request */
+	return la_down_req(ac);
 }
 
+/* For a delete or rename, we need to find out what linked attributes
+ * are currently on this DN, and then deal with them.  This is the
+ * callback to the base search */
+
 static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares)
 {
 	const struct dsdb_attribute *schema_attr;
@@ -349,8 +353,8 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
 
 		talloc_free(ares);
 
-		/* All mods set up, start with the first one */
-		ret = la_do_mod_request(ac);
+		/* Start with the original request */
+		ret = la_down_req(ac);
 		if (ret != LDB_SUCCESS) {
 			return ldb_module_done(ac->req, NULL, NULL, ret);
 		}
@@ -539,8 +543,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
 		
 	} else {
 		if (ac->ops) {
-			/* Jump directly to handling the modifies */
-			ret = la_do_mod_request(ac);
+			/* Start with the original request */
+			ret = la_down_req(ac);
 		} else {
 			/* nothing to do for this module, proceed */
 			talloc_free(ac);
@@ -732,12 +736,8 @@ static int la_op_search_callback(struct ldb_request *req,
 
 		talloc_free(ares);
 
-		if (ac->ops) {
-			/* start the mod requests chain */
-			ret = la_do_mod_request(ac);
-		} else {
-			ret = la_down_req(ac);
-		}
+		/* start the mod requests chain */
+		ret = la_down_req(ac);
 		if (ret != LDB_SUCCESS) {
 			return ldb_module_done(ac->req, NULL, NULL, ret);
 		}
@@ -840,11 +840,13 @@ static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares)
 		talloc_free(os);
 	}
 
-	/* as last op run the original request */
+	/* If we still have modifies in the queue, then run them */
 	if (ac->ops) {
 		ret = la_do_mod_request(ac);
 	} else {
-		ret = la_down_req(ac);
+		/* Otherwise, we are done! */
+		ret = ldb_module_done(ac->req, ares->controls,
+				      ares->response, ares->error);
 	}
 
 	if (ret != LDB_SUCCESS) {
@@ -898,6 +900,7 @@ static int la_down_req(struct la_context *ac)
 	return ldb_next_request(ac->module, down_req);
 }
 
+/* Having done the original operation, then try to fix up all the linked attributes */
 static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares)
 {
 	struct la_context *ac;
@@ -920,9 +923,13 @@ static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares)
 		return ldb_module_done(ac->req, NULL, NULL,
 					LDB_ERR_OPERATIONS_ERROR);
 	}
-
-	return ldb_module_done(ac->req, ares->controls,
-				ares->response, ares->error);
+	/* If we have modfies to make, then run them */
+	if (ac->ops) {
+		return la_do_mod_request(ac);
+	} else {
+		return ldb_module_done(ac->req, ares->controls,
+				      ares->response, ares->error);
+	}
 }
 
 _PUBLIC_ const struct ldb_module_ops ldb_linked_attributes_module_ops = {
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 7d00851792..1d240a33fe 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -414,10 +414,10 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
-	/* Need to object to this, but cn=rootdse doesn't have an objectClass... */
+	/* the objectClass must be specified on add */
 	if (ldb_msg_find_element(req->op.add.message, 
 				 "objectClass") == NULL) {
-		return ldb_next_request(module, req);
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
 	}
 
 	ac = oc_init_context(module, req);
diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
index 0266654811..df409a8ae3 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
@@ -38,6 +38,10 @@ static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *
 				   const struct dsdb_schema *schema);
 static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg,
 				    const struct dsdb_schema *schema);
+static int generate_extendedAttributeInfo(struct ldb_context *ldb, struct ldb_message *msg,
+					  const struct dsdb_schema *schema);
+static int generate_extendedClassInfo(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema);
 
 static const struct {
 	const char *attr;
@@ -54,6 +58,14 @@ static const struct {
 	{
 		.attr = "dITContentRules",
 		.fn = generate_dITContentRules
+	},
+	{
+		.attr = "extendedAttributeInfo",
+		.fn = generate_extendedAttributeInfo
+	},
+	{
+		.attr = "extendedClassInfo",
+		.fn = generate_extendedClassInfo
 	}
 };
 
@@ -322,7 +334,51 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message
 	return LDB_SUCCESS;
 }
 
+static int generate_extendedAttributeInfo(struct ldb_context *ldb,
+					  struct ldb_message *msg,
+					  const struct dsdb_schema *schema)
+{
+	const struct dsdb_attribute *attribute;
+	int ret;
+
+	for (attribute = schema->attributes; attribute; attribute = attribute->next) {
+		char *val = schema_attribute_to_extendedInfo(msg, attribute);
+		if (!val) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = ldb_msg_add_string(msg, "extendedAttributeInfo", val);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int generate_extendedClassInfo(struct ldb_context *ldb,
+				      struct ldb_message *msg,
+				      const struct dsdb_schema *schema)
+{
+	const struct dsdb_class *sclass;
+	int ret;
+
+	for (sclass = schema->classes; sclass; sclass = sclass->next) {
+		char *val = schema_class_to_extendedInfo(msg, sclass);
+		if (!val) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
 
+		ret = ldb_msg_add_string(msg, "extendedClassInfo", val);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
 
 /* Add objectClasses, attributeTypes and dITContentRules from the
    schema object (they are not stored in the database)
diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
index 1fc531902d..fa1af2ad61 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
+++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
@@ -27,7 +27,7 @@ import ldb
 from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE
 from samba import Ldb, substitute_var
 from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm
-import samba.dcerpc.security
+import samba.dcerpc.dom_sid
 import samba.security
 import samba.ndr
 
@@ -50,7 +50,7 @@ class MapBaseTestCase(TestCaseInTempDir):
                  "@TO": "sambaDomainName=TESTS," + s3.basedn})
 
         ldb.add({"dn": "@MODULES",
-                 "@LIST": "rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"})
+                 "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"})
 
         ldb.add({"dn": "@PARTITION",
             "partition": ["%s:%s" % (s4.basedn, s4.url), 
@@ -116,7 +116,7 @@ class MapBaseTestCase(TestCaseInTempDir):
         super(MapBaseTestCase, self).tearDown()
 
     def assertSidEquals(self, text, ndr_sid):
-        sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.security.dom_sid, 
+        sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.dom_sid.dom_sid,
                                         str(ndr_sid[0]))
         sid_obj2 = samba.security.Sid(text)
         # For now, this is the only way we can compare these since the 
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 68dc8197cb..e8fefb5246 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -72,8 +72,8 @@ struct dsdb_attribute {
 	struct ldb_val oMObjectClass;
 
 	bool isSingleValued;
-	uint32_t rangeLower;
-	uint32_t rangeUpper;
+	uint32_t *rangeLower;
+	uint32_t *rangeUpper;
 	bool extendedCharsAllowed;
 
 	uint32_t schemaFlagsEx;
diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c
index c3c37b4653..9443c04bb0 100644
--- a/source4/dsdb/schema/schema_description.c
+++ b/source4/dsdb/schema/schema_description.c
@@ -20,6 +20,7 @@
 */
 #include "includes.h"
 #include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
 
 #define IF_NULL_FAIL_RET(x) do {     \
 		if (!x) {		\
@@ -36,7 +37,12 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 					  const char *equality, 
 					  const char *substring, 
 					  const char *syntax,
-					  bool single_value, bool operational)
+					  bool single_value, bool operational,
+					  uint32_t *range_lower,
+					  uint32_t *range_upper,
+					  const char *property_guid,
+					  const char *property_set_guid,
+					  bool indexed, bool system_only)
 {
 	char *schema_entry = talloc_asprintf(mem_ctx, 
 					     "(%s%s%s", seperator, oid, seperator);
@@ -55,11 +61,13 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 						      "SUBSTR %s%s", substring, seperator);
 		IF_NULL_FAIL_RET(schema_entry);
 	}
-	
-	schema_entry = talloc_asprintf_append(schema_entry, 
-					      "SYNTAX %s%s", syntax, seperator);
-	IF_NULL_FAIL_RET(schema_entry);
-	
+
+	if (syntax) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "SYNTAX %s%s", syntax, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
 	if (single_value) {
 		schema_entry = talloc_asprintf_append(schema_entry, 
 						      "SINGLE-VALUE%s", seperator);
@@ -71,7 +79,47 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 						      "NO-USER-MODIFICATION%s", seperator);
 		IF_NULL_FAIL_RET(schema_entry);
 	}
-	
+
+	if (range_lower) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "RANGE-LOWER '%u'%s",
+						      *range_lower, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
+	if (range_upper) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "RANGE-UPPER '%u'%s",
+						      *range_upper, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
+	if (property_guid) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "PROPERTY-GUID '%s'%s",
+						      property_guid, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
+	if (property_set_guid) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "PROPERTY-SET-GUID '%s'%s",
+						      property_set_guid, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
+	if (indexed) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "INDEXED%s", seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
+	if (system_only) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "SYSTEM-ONLY%s", seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
 	schema_entry = talloc_asprintf_append(schema_entry, 
 					      ")");
 	return schema_entry;
@@ -80,14 +128,12 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) 
 {
 	char *schema_description;
-	const struct dsdb_syntax *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid);
-	const char *syntax = map ? map->ldap_oid : attribute->attributeSyntax_oid;
+	const char *syntax = attribute->syntax->ldap_oid;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	if (!tmp_ctx) {
 		return NULL;
 	}
 
-	
 	schema_description 
 		= schema_attribute_description(mem_ctx, 
 					       TARGET_AD_SCHEMA_SUBENTRY,
@@ -96,6 +142,34 @@ char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_att
 					       attribute->lDAPDisplayName,
 					       NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax),
 					       attribute->isSingleValued,
+					       attribute->systemOnly,/* TODO: is this correct? */
+					       NULL, NULL, NULL, NULL,
+					       false, false);
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+char *schema_attribute_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute)
+{
+	char *schema_description;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	schema_description
+		= schema_attribute_description(mem_ctx,
+					       TARGET_AD_SCHEMA_SUBENTRY,
+					       " ",
+					       attribute->attributeID_oid,
+					       attribute->lDAPDisplayName,
+					       NULL, NULL, NULL,
+					       false, false,
+					       attribute->rangeLower,
+					       attribute->rangeUpper,
+					       GUID_hexstring(tmp_ctx, &attribute->schemaIDGUID),
+					       GUID_hexstring(tmp_ctx, &attribute->attributeSecurityGUID),
+					       (attribute->searchFlags & SEARCH_FLAG_ATTINDEX),
 					       attribute->systemOnly);
 	talloc_free(tmp_ctx);
 	return schema_description;
@@ -142,7 +216,8 @@ char *schema_class_description(TALLOC_CTX *mem_ctx,
 			       const char *subClassOf,
 			       int objectClassCategory,
 			       char **must,
-			       char **may)
+			       char **may,
+			       const char *schemaHexGUID)
 {
 	char *schema_entry = talloc_asprintf(mem_ctx, 
 					     "(%s%s%s", seperator, oid, seperator);
@@ -225,7 +300,14 @@ char *schema_class_description(TALLOC_CTX *mem_ctx,
 						      ")%s", seperator);
 		IF_NULL_FAIL_RET(schema_entry);
 	}
-	
+
+	if (schemaHexGUID) {
+		schema_entry = talloc_asprintf_append(schema_entry,
+						      "CLASS-GUID '%s'%s",
+						      schemaHexGUID, seperator);
+		IF_NULL_FAIL_RET(schema_entry);
+	}
+
 	schema_entry = talloc_asprintf_append(schema_entry, 
 					      ")");
 	return schema_entry;
@@ -251,7 +333,8 @@ char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class *
 					   dsdb_attribute_list(tmp_ctx, 
 							       class, DSDB_SCHEMA_ALL_MUST),
 					   dsdb_attribute_list(tmp_ctx, 
-							       class, DSDB_SCHEMA_ALL_MAY));
+							       class, DSDB_SCHEMA_ALL_MAY),
+					   NULL);
 	talloc_free(tmp_ctx);
 	return schema_description;
 }
@@ -295,7 +378,38 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas
 						  * ditContentRules
 						  * per MS-ADTS
 						  * 3.1.1.3.1.1.1 */
-					   -1, must_attr_list, may_attr_list);
+					   -1, must_attr_list, may_attr_list,
+					   NULL);
 	talloc_free(tmp_ctx);
 	return schema_description;
 }
+
+char *schema_class_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass)
+{
+	char *schema_description = NULL;
+	DATA_BLOB guid_blob;
+	char *guid_hex;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	schema_description
+		= schema_class_description(mem_ctx,
+					   TARGET_AD_SCHEMA_SUBENTRY,
+					   " ",
+					   sclass->governsID_oid,
+					   sclass->lDAPDisplayName,
+					   NULL,
+					   NULL, /* Must not specify a
+						  * SUP (subclass) in
+						  * ditContentRules
+						  * per MS-ADTS
+						  * 3.1.1.3.1.1.1 */
+					   -1, NULL, NULL,
+					   GUID_hexstring(tmp_ctx, &sclass->schemaIDGUID));
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 6561e8ed88..763872cf2b 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -643,6 +643,24 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	(p)->elem = samdb_result_uint(msg, attr, 0);\
 } while (0)
 
+#define GET_UINT32_PTR_LDB(msg, attr, p, elem) do { \
+	uint64_t _v = samdb_result_uint64(msg, attr, UINT64_MAX);\
+	if (_v == UINT64_MAX) { \
+		(p)->elem = NULL; \
+	} else if (_v > UINT32_MAX) { \
+		d_printf("%s: %s == 0x%llX\n", __location__, \
+			 attr, (unsigned long long)_v); \
+		return WERR_INVALID_PARAM; \
+	} else { \
+		(p)->elem = talloc(mem_ctx, uint32_t); \
+		if (!(p)->elem) { \
+			d_printf("%s: talloc failed for %s\n", __location__, attr); \
+			return WERR_NOMEM; \
+		} \
+		*(p)->elem = (uint32_t)_v; \
+	} \
+} while (0)
+
 #define GET_GUID_LDB(msg, attr, p, elem) do { \
 	(p)->elem = samdb_result_guid(msg, attr);\
 } while (0)
@@ -707,8 +725,8 @@ WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
 	GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
 
 	GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
-	GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower);
-	GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper);
+	GET_UINT32_PTR_LDB(msg, "rangeLower", attr, rangeLower);
+	GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, rangeUpper);
 	GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
 
 	GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
@@ -1260,6 +1278,23 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb
 	} \
 } while (0)
 
+#define GET_UINT32_PTR_DS(s, r, attr, p, elem) do { \
+	struct drsuapi_DsReplicaAttribute *_a; \
+	_a = dsdb_find_object_attr_name(s, r, attr, NULL); \
+	if (_a && _a->value_ctr.num_values >= 1 \
+	    && _a->value_ctr.values[0].blob \
+	    && _a->value_ctr.values[0].blob->length == 4) { \
+		(p)->elem = talloc(mem_ctx, uint32_t); \
+		if (!(p)->elem) { \
+			d_printf("%s: talloc failed for %s\n", __location__, attr); \
+			return WERR_NOMEM; \
+		} \
+		*(p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
+	} else { \
+		(p)->elem = NULL; \
+	} \
+} while (0)
+
 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
 	struct drsuapi_DsReplicaAttribute *_a; \
 	_a = dsdb_find_object_attr_name(s, r, attr, NULL); \
@@ -1330,8 +1365,8 @@ WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
 	GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
 
 	GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
-	GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower);
-	GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper);
+	GET_UINT32_PTR_DS(schema, r, "rangeLower", attr, rangeLower);
+	GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper);
 	GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
 
 	GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index e0e6b3fc77..7aed08605b 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1278,9 +1278,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.7",
 		.drsuapi_to_ldb		= dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
-		.equality               = "distinguishedNameMatch",
+		.equality               = "octetStringMatch",
 		.comment                = "OctetString: Binary+DN",
-		.ldb_syntax             = LDB_SYNTAX_DN,
+		.ldb_syntax             = LDB_SYNTAX_OCTET_STRING,
 	},{
 	/* not used in w2k3 schema */
 		.name			= "Object(OR-Name)",
@@ -1322,9 +1322,6 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.14",
 		.drsuapi_to_ldb		= dsdb_syntax_FOOBAR_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
-		.equality               = "distinguishedNameMatch",
-		.comment                = "OctetString: String+DN",
-		.ldb_syntax             = LDB_SYNTAX_DN,
 	},{
 	/* not used in w2k3 schema */
 		.name			= "Object(DN-String)",
@@ -1334,6 +1331,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.14",
 		.drsuapi_to_ldb		= dsdb_syntax_FOOBAR_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
+		.equality               = "distinguishedNameMatch",
+		.comment                = "OctetString: String+DN",
 		.ldb_syntax             = LDB_SYNTAX_DN,
 	}
 };