2 files changed, 28 insertions, 6 deletions

diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index c28d43d53b..7135c0be79 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -214,6 +214,9 @@ char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
 char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
 					 const char *attribute,
 					 TALLOC_CTX *mem_ctx);
+bool smbldap_talloc_single_blob(TALLOC_CTX *mem_ctx, LDAP *ld,
+				LDAPMessage *msg, const char *attrib,
+				DATA_BLOB *blob);
 bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
 		      struct dom_sid *sid);
 void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index b6921c329c..b3b5fa7582 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -389,23 +389,42 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 	return result;
 }
 
- bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
-		       struct dom_sid *sid)
+ bool smbldap_talloc_single_blob(TALLOC_CTX *mem_ctx, LDAP *ld,
+				 LDAPMessage *msg, const char *attrib,
+				 DATA_BLOB *blob)
 {
 	struct berval **values;
-	bool ret = False;
 
 	values = ldap_get_values_len(ld, msg, attrib);
-
 	if (!values) {
 		return false;
 	}
 
-	if (values[0] != NULL) {
-		ret = sid_parse(values[0]->bv_val, values[0]->bv_len, sid);
+	if (ldap_count_values_len(values) != 1) {
+		DEBUG(10, ("Expected one value for %s, got %d\n", attrib,
+			   ldap_count_values_len(values)));
+		return false;
 	}
 
+	*blob = data_blob_talloc(mem_ctx, values[0]->bv_val,
+				 values[0]->bv_len);
 	ldap_value_free_len(values);
+
+	return (blob->data != NULL);
+}
+
+ bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
+		       struct dom_sid *sid)
+{
+	DATA_BLOB blob;
+	bool ret;
+
+	if (!smbldap_talloc_single_blob(talloc_tos(), ld, msg, attrib,
+					&blob)) {
+		return false;
+	}
+	ret = sid_parse((char *)blob.data, blob.length, sid);
+	TALLOC_FREE(blob.data);
 	return ret;
 }