1 files changed, 8 insertions, 22 deletions

diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index cc8c633451..8e7d792e35 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -921,7 +921,7 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current,
                                     " cames from the modification or from a previous bug")
                     dnNotToRecalculateFound = True
                 else:
-                    dnToRecalculate.append(str(dn))
+                    dnToRecalculate.append(dn)
                 continue
 
         if attrUSN == -1:
@@ -1282,11 +1282,12 @@ def fix_wellknown_sd(samdb, names):
              get_dns_domain_microsoft_dns_descriptor)
         subcontainers.append(c)
 
-    for [dn, descriptor_fn] in subcontainers:
+    for [strdn, descriptor_fn] in subcontainers:
+        dn = Dn(samdb, strdn)
         list_wellknown_dns.append(dn)
         if dn in dnToRecalculate:
             delta = Message()
-            delta.dn = Dn(samdb, str(dn))
+            delta.dn = dn
             descr = descriptor_fn(names.domainsid, name_map=names.name_map)
             delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE,
                                                             "nTSecurityDescriptor" )
@@ -1311,30 +1312,16 @@ def rebuild_sd(samdb, names):
 
     listWellknown = fix_wellknown_sd(samdb, names)
 
-    hash = {}
-    for dn in dnToRecalculate:
-        if hash.has_key(dn):
-            continue
-            # fetch each dn to recalculate and their child within the same partition
-        res = samdb.search(expression="objectClass=*", base=dn,
-                           scope=SCOPE_SUBTREE, attrs=["dn", "whenCreated"])
-        for obj in res:
-            hash[str(obj["dn"])] = obj["whenCreated"]
-
-    listKeys = list(set(hash.keys()))
-    listKeys.sort(dn_sort)
-
     if len(dnToRecalculate) != 0:
         message(CHANGESD, "%d DNs have been marked as needed to be recalculated"
-                            ", recalculating %d due to inheritance"
-                            % (len(dnToRecalculate), len(listKeys)))
+                            % (len(dnToRecalculate)))
 
-    for key in listKeys:
+    for dn in dnToRecalculate:
         # well known SDs have already been reset
-        if key in listWellknown:
+        if dn in listWellknown:
             continue
         delta = Message()
-        delta.dn = Dn(samdb, key)
+        delta.dn = dn
         sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL
         try:
             descr = get_empty_descriptor(names.domainsid)
@@ -1840,7 +1827,6 @@ if __name__ == '__main__':
         message(SIMPLE, "Update machine account")
         update_machine_account_password(ldbs.sam, ldbs.secrets, names)
 
-        dnToRecalculate.sort(dn_sort)
         # 16) SD should be created with admin but as some previous acl were so wrong
         # that admin can't modify them we have first to recreate them with the good
         # form but with system account and then give the ownership to admin ...