From 6362c9c30d213381c5b51783d4842bf83de5074b Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sun, 5 Jun 2011 00:42:35 +0400 Subject: s4-dsdb: check group membership only for non deleted objects Group membership has been already removed on deleted objects so there is no mean doing something on this kind of object. --- source4/dsdb/samdb/ldb_modules/samldb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5c940992ae..6ca3fe84c6 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2178,17 +2178,24 @@ static int samldb_prim_group_users_check(struct samldb_ctx *ac) NTSTATUS status; int ret; struct ldb_result *res; - const char *attrs[] = { "objectSid", NULL }; + const char *attrs[] = { "objectSid", "isDeleted", NULL }; const char *noattrs[] = { NULL }; ldb = ldb_module_get_ctx(ac->module); /* Finds out the SID/RID of the SAM object */ - ret = dsdb_module_search_dn(ac->module, ac, &res, ac->req->op.del.dn, attrs, DSDB_FLAG_NEXT_MODULE, ac->req); + ret = dsdb_module_search_dn(ac->module, ac, &res, ac->req->op.del.dn, + attrs, + DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED, + ac->req); if (ret != LDB_SUCCESS) { return ret; } + if (ldb_msg_check_string_attribute(res->msgs[0], "isDeleted", "TRUE")) { + return LDB_SUCCESS; + } + sid = samdb_result_dom_sid(ac, res->msgs[0], "objectSid"); if (sid == NULL) { /* No SID - it might not be a SAM object - therefore ok */ -- cgit