From 7a5e47bf4e55d7b53f487ed5eb6eab31e20bdcc5 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 2 Dec 2010 12:23:53 +0100 Subject: s4:auth/sam.c-"authsam_expand_nested_groups" - don't fail if we've memberships on non-SAM objects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This can be expected (think at a membership of a "groupOfNames" group) and we shouldn't blame about it. This fixes a bug reported on the technical mailing list. Autobuild-User: Matthias Dieter Wallnöfer Autobuild-Date: Thu Dec 2 17:17:56 CET 2010 on sn-devel-104 --- source4/auth/sam.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/auth/sam.c') diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b98830a0a9..6203b960c4 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -326,11 +326,11 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, status = dsdb_get_extended_dn_sid(dn, &sid, "SID"); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (__location__ ": when parsing DN %s we failed to find our SID component, so we cannot calculate the group token: %s\n", - ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), - nt_errstr(status))); + /* If we fail finding a SID then this is no error since it could + * be a non SAM object - e.g. a group with object class + * "groupOfNames" */ talloc_free(tmp_ctx); - return NT_STATUS_INTERNAL_DB_CORRUPTION; + return NT_STATUS_OK; } if (!sam_ctx) { -- cgit