summaryrefslogtreecommitdiff
path: root/source4/dsdb/common/util_groups.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/common/util_groups.c')
-rw-r--r--source4/dsdb/common/util_groups.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/dsdb/common/util_groups.c b/source4/dsdb/common/util_groups.c
index b5aecbafe9..6a96ce89d1 100644
--- a/source4/dsdb/common/util_groups.c
+++ b/source4/dsdb/common/util_groups.c
@@ -126,6 +126,31 @@ NTSTATUS dsdb_expand_nested_groups(struct ldb_context *sam_ctx,
filter);
}
+ /*
+ * We have the problem with the caller creating a <SID=S-....>
+ * DN for ForeignSecurityPrincipals as they also have
+ * duplicate objects with the SAME SID under CN=Configuration.
+ * This causes a SID= DN to fail with NO_SUCH_OBJECT on Samba
+ * and on Windows. So, we allow this to fail, and
+ * double-check if we can find it with a search in the main
+ * domain partition.
+ */
+ if (ret == LDB_ERR_NO_SUCH_OBJECT && only_childs) {
+ char *sid_string = dom_sid_string(tmp_ctx,
+ &sid);
+ if (!sid_string) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+ }
+
+ ret = dsdb_search(sam_ctx, tmp_ctx, &res,
+ ldb_get_default_basedn(sam_ctx),
+ LDB_SCOPE_SUBTREE,
+ attrs, DSDB_SEARCH_SHOW_EXTENDED_DN,
+ "(&(objectClass=foreignSecurityPrincipal)(objectSID=%s))",
+ sid_string);
+ }
+
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
generated by cgit (git 2.34.1) at 2024-06-13 04:24:45 +0000