s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters

This makes also lookups through special backends as "samba3sam" work.

1 files changed, 5 insertions, 2 deletions

diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index 87fde9dbd7..d612cf8769 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -28,6 +28,7 @@
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "../libcli/security/dom_sid.h"
 #include "libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
 #include "../lib/talloc/talloc.h"
 #include "lib/policy/policy.h"
 
@@ -425,7 +426,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
 	TALLOC_CTX *mem_ctx;
 	const char **gpos;
 	struct ldb_result *result;
-	const char *sid;
+	char *sid;
 	struct ldb_dn *dn;
 	struct ldb_message_element *element;
 	bool inherit;
@@ -443,7 +444,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
 	mem_ctx = talloc_new(gp_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
 
-	sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]);
+	sid = ldap_encode_ndr_dom_sid(mem_ctx,
+				      &token->sids[PRIMARY_USER_SID_INDEX]);
+	NT_STATUS_HAVE_NO_MEMORY(sid);
 
 	/* Find the user DN and objectclass via the sid from the security token */
 	rv = ldb_search(gp_ctx->ldb_ctx,