From 2546b63f732226e04505b3903f22b666ab161a96 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 27 Feb 2007 20:34:10 +0000
Subject: r21566: If we're going to be broken, at least be *consistently*
 broken :-). This will do until Simo fixes the escape calls properly. Jeremy.
 (This used to be commit b7d91ec1b20f8d58903a3283f7789a30041461be)

---
 source3/nsswitch/winbindd_ads.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'source3/nsswitch/winbindd_ads.c')

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 9c8f23b1cf..7fcdec0b7d 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -607,6 +607,7 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain,
 	const char *attrs[] = {"memberOf", NULL};
 	size_t num_groups = 0;
 	DOM_SID *group_sids = NULL;
+	char *escaped_dn;
 	int i;
 
 	DEBUG(3,("ads: lookup_usergroups_memberof\n"));
@@ -618,9 +619,16 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	rc = ads_search_retry_extended_dn(ads, &res, user_dn, attrs, 
+	if (!(escaped_dn = escape_ldap_string_alloc(user_dn))) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	rc = ads_search_retry_extended_dn(ads, &res, escaped_dn, attrs, 
 					  ADS_EXTENDED_DN_HEX_STRING);
 	
+	SAFE_FREE(escaped_dn);
+
 	if (!ADS_ERR_OK(rc) || !res) {
 		DEBUG(1,("lookup_usergroups_memberof ads_search member=%s: %s\n", 
 			user_dn, ads_errstr(rc)));
-- 
cgit