summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/extended_dn_in.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 76a951866d..760dd643b4 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -343,6 +343,11 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
filter_ctx = talloc_get_type_abort(private_context, struct extended_dn_filter_ctx);
+ if (filter_ctx->test_only && filter_ctx->matched) {
+ /* the tree already matched */
+ return LDB_SUCCESS;
+ }
+
attribute = dsdb_attribute_by_lDAPDisplayName(filter_ctx->schema, tree->u.equality.attr);
if (attribute == NULL) {
return LDB_SUCCESS;
@@ -366,7 +371,19 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
return LDB_SUCCESS;
}
+ guid_val = ldb_dn_get_extended_component(dn, "GUID");
+ sid_val = ldb_dn_get_extended_component(dn, "SID");
+
+ if (!guid_val && !sid_val && (attribute->searchFlags & SEARCH_FLAG_ATTINDEX)) {
+ /* if it is indexed, then fixing the string DN will do
+ no good here, as we will not find the attribute in
+ the index. So for now fall through to a standard DN
+ component comparison */
+ return LDB_SUCCESS;
+ }
+
if (filter_ctx->test_only) {
+ /* we need to copy the tree */
filter_ctx->matched = true;
return LDB_SUCCESS;
}
@@ -378,9 +395,6 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
return LDB_SUCCESS;
}
- guid_val = ldb_dn_get_extended_component(dn, "GUID");
- sid_val = ldb_dn_get_extended_component(dn, "SID");
-
if (guid_val) {
expression = talloc_asprintf(filter_ctx, "objectGUID=%s", ldb_binary_encode(filter_ctx, *guid_val));
scope = LDB_SCOPE_SUBTREE;
@@ -389,12 +403,6 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
expression = talloc_asprintf(filter_ctx, "objectSID=%s", ldb_binary_encode(filter_ctx, *sid_val));
scope = LDB_SCOPE_SUBTREE;
base_dn = NULL;
- } else if (attribute->searchFlags & SEARCH_FLAG_ATTINDEX) {
- /* if it is indexed, then fixing the string DN will do
- no good here, as we will not find the attribute in
- the index. So for now fall through to a standard DN
- component comparison */
- return LDB_SUCCESS;
} else {
/* fallback to searching using the string DN as the base DN */
expression = "objectClass=*";