1 files changed, 11 insertions, 10 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 95a16b5527..7ecc41d2c3 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -346,13 +346,14 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
 		}
 
 		nextRid = ldb_msg_find_attr_as_string(ares->message,
-							"nextRid", NULL);
+						      "nextRid", NULL);
 		if (nextRid == NULL) {
 			ldb_asprintf_errstring(ac->module->ldb,
-				"attribute nextRid not found in %s\n",
-				ldb_dn_get_linearized(ares->message->dn));
+				"while looking for domain above %s attribute nextRid not found in %s\n",
+					       ldb_dn_get_linearized(ac->req->op.add.message->dn), 
+					       ldb_dn_get_linearized(ares->message->dn));
 			ret = LDB_ERR_OPERATIONS_ERROR;
-			break;;
+			break;
 		}
 
 		ac->next_rid = strtol(nextRid, NULL, 0);
@@ -369,6 +370,7 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
 
 		talloc_free(ares);
 		ret = LDB_SUCCESS;
+		ldb_reset_err_string(ac->module->ldb);
 		break;
 
 	case LDB_REPLY_REFERRAL:
@@ -1067,8 +1069,8 @@ static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
 							"nextRid", NULL);
 		if (nextRid == NULL) {
 			ldb_asprintf_errstring(ac->module->ldb,
-				"attribute nextRid not found in %s\n",
-				ldb_dn_get_linearized(ares->message->dn));
+				"while looking for forign sid %s attribute nextRid not found in %s\n",
+					       dom_sid_string(ares, ac->sid), ldb_dn_get_linearized(ares->message->dn));
 			ret = LDB_ERR_OPERATIONS_ERROR;
 			break;
 		}
@@ -1118,6 +1120,7 @@ static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
 {
 	static const char * const attrs[3] = { "nextRid", "name", NULL };
 	struct ldb_request *req;
+	NTSTATUS status;
 	char *filter;
 	int ret;
 
@@ -1125,12 +1128,10 @@ static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	ac->domain_sid = dom_sid_dup(ac, ac->sid);
-	if (!ac->domain_sid) {
+	status = dom_sid_split_rid(ac, ac->sid, &ac->domain_sid, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	/* get the domain component part of the provided SID */
-	ac->domain_sid->num_auths--;
 
 	filter = talloc_asprintf(ac, "(&(objectSid=%s)(objectclass=domain))",
 				 ldap_encode_ndr_dom_sid(ac, ac->domain_sid));