python-s4: use secrets.ldb instead of sam.ldb for reading domain SID

  This allow to be able to run net acl set xxx yyy on DC, but also on domain
  member.

Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>

1 files changed, 2 insertions, 2 deletions

diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
index a96593ef0c..8c0803f5f5 100644
--- a/source4/scripting/python/samba/netcmd/ntacl.py
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -61,7 +61,7 @@ class cmd_acl_set(Command):
             credopts=None, sambaopts=None, versionopts=None):
 		lp = sambaopts.get_loadparm()
 		creds = credopts.get_credentials(lp)
-		path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb")
+		path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
 		creds = credopts.get_credentials(lp)
 		creds.set_kerberos_state(DONT_USE_KERBEROS)
 		try:
@@ -71,7 +71,7 @@ class cmd_acl_set(Command):
 			sys.exit(1)
 		attrs = ["objectSid"]
 		print lp.get("realm")
-		res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs)
+		res = ldb.search(expression="(objectClass=*)",base="flatname=%s,cn=Primary Domains"%lp.get("workgroup"), scope=SCOPE_BASE, attrs=attrs)
 		if len(res) !=0:
 			domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
 			setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file)