From 61be498adbdcefb3d2d79bc26019ede01411178f Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Mon, 5 Jul 2010 23:41:13 +0400 Subject: s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This should avoid colliion with newly added objects that use the same SID as existing users in the upgraded provision. Signed-off-by: Matthias Dieter Wallnöfer --- source4/scripting/bin/upgradeprovision | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 9d29d4a76b..48c4ce63b8 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -516,6 +516,11 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index): empty = Message() delta = samdb.msg_diff(empty, reference[0]) delta.dn + if delta.get("objectSid"): + sid = str(ndr_unpack(security.dom_sid, str(reference[0]["objectSid"]))) + m = re.match(r".*-(\d+)$", sid) + if m and int(m.group(1))>999: + delta.remove("objectSid") for att in hashAttrNotCopied.keys(): delta.remove(att) for att in backlinked: @@ -533,6 +538,7 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index): delta.dn = dn message(CHANGE,"Object %s will be added" % dn) samdb.add(delta, ["relax:0"]) + return True def gen_dn_index_hash(listMissing): -- cgit