The branch, master has been updated
       via  d86e701 s4:ldap.py - re-introduce the "(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test
       via  d6fde2d LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
       via  438971e LDB/s4 - do not use the "(dn=...)" syntax on filters anymore
       via  fa1c761 s4:ldap.py - test the already mentioned structural object class sorting behaviour
       via  206421c s4:dsdb - enhance "get_last_structural_class()" for optimisations
       via  0f8ffa9 s4:objectclass LDB module - fix up the sorting in respect to structural or 88 objectclasses
       via  52340b8 s4:objectclass LDB module - clean up "objectclass_sort()"
      from  8ad52f6 s3-make: Fix build with new smb2_session file.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d86e701b7ca42f3d21d6c5b7b6a1827bd37f0ee6
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sat Oct 22 12:44:02 2011 +0200

    s4:ldap.py - re-introduce the "(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test
    
    This syntax is not supported by Windows AD and should also be denied by
    s4/LDB.
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User: Andrew Bartlett <[email protected]>
    Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104

commit d6fde2d4c24d7fb5e040ccb00476f689a4472eff
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Wed Oct 26 09:47:35 2011 +0200

    LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
    
    Achieve this by introducing a "disallowDNFilter" flag.
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 438971e214e6f55f19148ed2afc03ec1c7066f65
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Tue Oct 25 20:10:30 2011 +0200

    LDB/s4 - do not use the "(dn=...)" syntax on filters anymore
    
    Make it AD-compatible using "(distinguishedName=...)".
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit fa1c7615d0809a124109713e1b340f71d9c4594f
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Mar 25 23:35:23 2012 +0200

    s4:ldap.py - test the already mentioned structural object class sorting behaviour
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 206421c8fd28ca4bb6375b97e106d3531f1a5559
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Mar 25 23:25:01 2012 +0200

    s4:dsdb - enhance "get_last_structural_class()" for optimisations
    
    If the objectclass entry has been sorted before we are able to determine
    the (last) structural or 88 object class in constant time.
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 0f8ffa9ce1777d0b368eb765a7f69f93e68118bd
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Mar 25 22:51:51 2012 +0200

    s4:objectclass LDB module - fix up the sorting in respect to structural or 88 objectclasses
    
    Please have a look at MS-ADTS 3.1.1.1.4.
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 52340b86a2a3bcb98c8622a9d5a66f23eb1440f8
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Mar 25 21:33:52 2012 +0200

    s4:objectclass LDB module - clean up "objectclass_sort()"
    
    Make it easier to comprehend
    
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ldb_tdb/ldb_cache.c                        |   10 +++-
 lib/ldb/ldb_tdb/ldb_index.c                        |    9 +++
 lib/ldb/ldb_tdb/ldb_tdb.h                          |    2 +
 source4/dsdb/samdb/ldb_modules/descriptor.c        |    6 +-
 source4/dsdb/samdb/ldb_modules/objectclass.c       |   67 +++++++++++---------
 source4/dsdb/samdb/ldb_modules/schema.c            |   25 ++++++--
 source4/dsdb/tests/python/dirsync.py               |   10 ++--
 source4/dsdb/tests/python/ldap.py                  |   30 ++++++---
 source4/scripting/bin/rebuildextendeddn            |    2 +-
 source4/scripting/bin/renamedc                     |    2 +-
 source4/scripting/bin/upgradeprovision             |   23 ++++---
 source4/scripting/devel/addlotscontacts            |    2 +-
 source4/scripting/python/samba/idmap.py            |    2 +-
 .../scripting/python/samba/provision/__init__.py   |    2 +-
 source4/scripting/python/samba/samdb.py            |    6 +-
 source4/scripting/python/samba/upgradehelpers.py   |   14 ++--
 source4/setup/provision_init.ldif                  |    1 +
 17 files changed, 131 insertions(+), 82 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ldb_tdb/ldb_cache.c b/lib/ldb/ldb_tdb/ldb_cache.c
index 0b93021..6467af1 100644
--- a/lib/ldb/ldb_tdb/ldb_cache.c
+++ b/lib/ldb/ldb_tdb/ldb_cache.c
@@ -346,11 +346,17 @@ int ltdb_cache_load(struct ldb_module *module)
                goto failed;
        }
        
-       /* set flag for checking base DN on searches */
+       /* set flags if they do exist */
        if (r == LDB_SUCCESS) {
-               ltdb->check_base = ldb_msg_find_attr_as_bool(options, 
LTDB_CHECK_BASE, false);
+               ltdb->check_base = ldb_msg_find_attr_as_bool(options,
+                                                            LTDB_CHECK_BASE,
+                                                            false);
+               ltdb->disallow_dn_filter = ldb_msg_find_attr_as_bool(options,
+                                                                    
LTDB_DISALLOW_DN_FILTER,
+                                                                    false);
        } else {
                ltdb->check_base = false;
+               ltdb->disallow_dn_filter = false;
        }
 
        talloc_free(ltdb->cache->indexlist);
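Review bot: Both branches in ltdb_cache_load() default disallow_dn_filter to false, so a database whose options record has no disallowDNFilter value keeps accepting "(dn=...)" filters; the commit message should say whether existing databases are expected to gain the attribute or stay permissive. The replacement comment "set flags if they do exist" is also vaguer than the one it removes; naming the two flags (checkBaseOnSearch, disallowDNFilter) would keep it useful.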
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 24cc93f..a3848ed 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -510,6 +510,15 @@ static int ltdb_index_dn_leaf(struct ldb_module *module,
                              const struct ldb_message *index_list,
                              struct dn_list *list)
 {
+       struct ltdb_private *ltdb = 
talloc_get_type(ldb_module_get_private(module),
+                                                   struct ltdb_private);
+       if (ltdb->disallow_dn_filter &&
+           (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0)) {
+               /* in AD mode we do not support "(dn=...)" search filters */
+               list->dn = NULL;
+               list->count = 0;
+               return LDB_SUCCESS;
+       }
        if (ldb_attr_dn(tree->u.equality.attr) == 0) {
                list->dn = talloc_array(list, struct ldb_val, 1);
                if (list->dn == NULL) {
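Review bot: The new early return at the top of ltdb_index_dn_leaf() reports LDB_SUCCESS with an empty list, so a "(dn=...)" filter silently matches nothing and a caller cannot tell a rejected filter from a genuine miss; state in the comment that the silent empty result is the intended AD-compatible behaviour, or log the rejection. The check also sits only in the index leaf lookup, so please confirm that a search evaluated without the index refuses the same filter. Style: leave a blank line between the ltdb declaration and the if.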
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h
index 29856bf..3b87b56 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.h
+++ b/lib/ldb/ldb_tdb/ldb_tdb.h
@@ -26,6 +26,7 @@ struct ltdb_private {
        int in_transaction;
 
        bool check_base;
+       bool disallow_dn_filter;
        struct ltdb_idxptr *idxptr;
        bool prepared_commit;
        int read_lock_count;
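Review bot: The new disallow_dn_filter member of struct ltdb_private, and the LTDB_DISALLOW_DN_FILTER define in the next hunk, are added without any description of what the option does; a one-line comment saying that it makes "(dn=...)" equality filters match nothing, and that it is read from the options record next to checkBaseOnSearch, would save the next reader a trip through ldb_index.c.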
@@ -62,6 +63,7 @@ struct ltdb_context {
 /* special attribute types */
 #define LTDB_SEQUENCE_NUMBER "sequenceNumber"
 #define LTDB_CHECK_BASE "checkBaseOnSearch"
+#define LTDB_DISALLOW_DN_FILTER "disallowDNFilter"
 #define LTDB_MOD_TIMESTAMP "whenChanged"
 #define LTDB_OBJECTCLASS "objectClass"
 
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c 
b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 409d08d..47207db 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -542,7 +542,8 @@ static int descriptor_add(struct ldb_module *module, struct 
ldb_request *req)
                return ldb_operr(ldb);
        }
 
-       objectclass = get_last_structural_class(schema, objectclass_element, 
req);
+       objectclass = get_last_structural_class(schema, objectclass_element,
+                                               false);
        if (objectclass == NULL) {
                return ldb_operr(ldb);
        }
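Review bot: The bare false passed as the third argument in descriptor_add(), and again in descriptor_modify() in the next hunk, gives no hint at the call site of what it controls. A short trailing comment naming the parameter (sorted) or a named constant would make these calls readable without opening schema.c.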
@@ -660,7 +661,8 @@ static int descriptor_modify(struct ldb_module *module, 
struct ldb_request *req)
                return ldb_operr(ldb);
        }
 
-       objectclass = get_last_structural_class(schema, objectclass_element, 
req);
+       objectclass = get_last_structural_class(schema, objectclass_element,
+                                               false);
        if (objectclass == NULL) {
                return ldb_operr(ldb);
        }
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c 
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 6f239d2..0d75e5f 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -100,7 +100,9 @@ static int objectclass_sort(struct ldb_module *module,
 {
        struct ldb_context *ldb;
        unsigned int i, lowest;
-       struct class_list *unsorted = NULL, *sorted = NULL, *current = NULL, 
*poss_parent = NULL, *new_parent = NULL, *current_lowest = NULL;
+       struct class_list *unsorted = NULL, *sorted = NULL, *current = NULL,
+                         *poss_parent = NULL, *new_parent = NULL,
+                         *current_lowest = NULL, *current_lowest_struct = NULL;
 
        ldb = ldb_module_get_ctx(module);
 
@@ -163,9 +165,15 @@ static int objectclass_sort(struct ldb_module *module,
        current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top");
        DLIST_ADD_END(sorted, current, struct class_list *);
 
+       /* If we don't have a schema yet, then just merge the lists again */
+       if (!schema) {
+               DLIST_CONCATENATE(sorted, unsorted, struct class_list *);
+               *sorted_out = sorted;
+               return LDB_SUCCESS;
+       }
 
        /* For each object:  find parent chain */
-       for (current = unsorted; schema && current; current = current->next) {
+       for (current = unsorted; current != NULL; current = current->next) {
                for (poss_parent = unsorted; poss_parent; poss_parent = 
poss_parent->next) {
                        if 
(ldb_attr_cmp(poss_parent->objectclass->lDAPDisplayName, 
current->objectclass->subClassOf) == 0) {
                                break;
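Review bot: The new if (!schema) early return in objectclass_sort() is placed after the context line dsdb_class_by_lDAPDisplayName(schema, "top"), so with a NULL schema the "top" entry has already been looked up through a NULL schema pointer and appended to sorted before the check runs. Either move the check above that lookup or state in the comment that the lookup is expected to tolerate NULL. Dropping "schema &&" from the loop condition is fine given the early return.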
@@ -181,42 +189,37 @@ static int objectclass_sort(struct ldb_module *module,
                DLIST_ADD_END(unsorted, new_parent, struct class_list *);
        }
 
-       do
-       {
+       /* For each object: order by hierarchy */
+       while (unsorted != NULL) {
                lowest = UINT_MAX;
-               current_lowest = NULL;
-               for (current = unsorted; schema && current; current = 
current->next) {
-                       if(current->objectclass->subClass_order < lowest) {
-                               current_lowest = current;
+               current_lowest = current_lowest_struct = NULL;
+               for (current = unsorted; current != NULL; current = 
current->next) {
+                       if (current->objectclass->subClass_order <= lowest) {
+                               /*
+                                * According to MS-ADTS 3.1.1.1.4 structural
+                                * and 88 object classes are always listed after
+                                * the other class types in a subclass hierarchy
+                                */
+                               if (current->objectclass->objectClassCategory > 
1) {
+                                       current_lowest = current;
+                               } else {
+                                       current_lowest_struct = current;
+                               }
                                lowest = current->objectclass->subClass_order;
                        }
                }
+               if (current_lowest == NULL) {
+                       current_lowest = current_lowest_struct;
+               }
 
-               if(current_lowest != NULL) {
+               if (current_lowest != NULL) {
                        DLIST_REMOVE(unsorted,current_lowest);
                        DLIST_ADD_END(sorted,current_lowest, struct class_list 
*);
                }
-       } while(unsorted);
-
-
-       if (!unsorted) {
-               *sorted_out = sorted;
-               return LDB_SUCCESS;
-       }
-
-       if (!schema) {
-               /* If we don't have schema yet, then just merge the lists again 
*/
-               DLIST_CONCATENATE(sorted, unsorted, struct class_list *);
-               *sorted_out = sorted;
-               return LDB_SUCCESS;
        }
 
-       /* This shouldn't happen, and would break MMC, perhaps there
-        * was no 'top', a conflict in the objectClasses or some other
-        * schema error?
-        */
-       ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass 
in objectClass chain", unsorted->objectclass->lDAPDisplayName);
-       return LDB_ERR_OBJECT_CLASS_VIOLATION;
+       *sorted_out = sorted;
+       return LDB_SUCCESS;
 }
 
 /*
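Review bot: In the rewritten while loop of objectclass_sort(), current_lowest and current_lowest_struct are not cleared when a strictly lower subClass_order is found, so a pointer recorded at a higher order survives the scan. For example, an entry with order 5 and objectClassCategory > 1 sets current_lowest; a later entry with order 3 and category <= 1 sets only current_lowest_struct and lowers lowest to 3; after the scan current_lowest is still non-NULL and the order-5 entry is moved to sorted first. Reset both pointers when subClass_order < lowest and apply the category split only among entries of equal order. The literal 1 in the objectClassCategory comparison would read better as a named constant, and the removal of the LDB_ERR_OBJECT_CLASS_VIOLATION return deserves a sentence in the commit message.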
@@ -634,7 +637,8 @@ static int objectclass_do_add(struct oc_context *ac)
 
                /* Make sure its valid to add an object of this type */
                objectclass = get_last_structural_class(ac->schema,
-                                                       objectclass_element, 
ac->req);
+                                                       objectclass_element,
+                                                       true);
                if(objectclass == NULL) {
                        ldb_asprintf_errstring(ldb,
                                               "Failed to find a structural 
class for %s",
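Review bot: Passing true as the last argument of get_last_structural_class() in objectclass_do_add() is only correct if objectclass_element already holds the output of objectclass_sort() at this point, which this hunk does not show. Add a comment stating that precondition, since every other caller touched by this patch passes false.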
@@ -1109,7 +1113,7 @@ static int objectclass_do_mod(struct oc_context *ac)
 
                /* Get the new top-most structural object class */
                objectclass = get_last_structural_class(ac->schema, oc_el_entry,
-                                                       ac->req);
+                                                       false);
                if (objectclass == NULL) {
                        ldb_set_errstring(ldb,
                                          "objectclass: cannot delete all 
structural objectclasses!");
@@ -1309,7 +1313,8 @@ static int objectclass_do_rename2(struct oc_context *ac)
                        /* existing entry without a valid object class? */
                        return ldb_operr(ldb);
                }
-               objectclass = get_last_structural_class(ac->schema, 
oc_el_entry, ac->req);
+               objectclass = get_last_structural_class(ac->schema, oc_el_entry,
+                                                       false);
                if (objectclass == NULL) {
                        /* existing entry without a valid object class? */
                        return ldb_operr(ldb);
diff --git a/source4/dsdb/samdb/ldb_modules/schema.c 
b/source4/dsdb/samdb/ldb_modules/schema.c
index 51c6a65..f483fd3 100644
--- a/source4/dsdb/samdb/ldb_modules/schema.c
+++ b/source4/dsdb/samdb/ldb_modules/schema.c
@@ -29,14 +29,29 @@
 #include "libcli/security/security.h"
 #include "dsdb/samdb/ldb_modules/schema.h"
 
-
-const struct dsdb_class * get_last_structural_class(const struct dsdb_schema 
*schema,const struct ldb_message_element *element,
-                                                   struct ldb_request *parent)
+/*
+ * This function determines the (last) structural or 88 object class of a 
passed
+ * "objectClass" attribute.
+ * Without schema this does not work and hence NULL is returned. If the
+ * "objectClass" attribute has already been sorted then only a check on the
+ * last value is necessary (MS-ADTS 3.1.1.1.4)
+ */
+const struct dsdb_class *get_last_structural_class(const struct dsdb_schema 
*schema,
+                                                  const struct 
ldb_message_element *element,
+                                                  bool sorted)
 {
        const struct dsdb_class *last_class = NULL;
-       unsigned int i;
+       unsigned int i = 0;
+
+       if (schema == NULL) {
+               return NULL;
+       }
+
+       if (sorted && (element->num_values > 1)) {
+               i = element->num_values - 1;
+       }
 
-       for (i = 0; i < element->num_values; i++){
+       for (; i < element->num_values; i++){
                const struct dsdb_class *tmp_class = 
dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
 
                if(tmp_class == NULL) {
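Review bot: With sorted set, the loop in get_last_structural_class() starts at num_values - 1 and so inspects only the final value; if a caller passes true for an element that is not actually sorted, the answer is silently wrong or NULL rather than falling back to the full scan. Spell out in the header comment that sorted is a guarantee the caller must provide, or restart from index 0 when the last value does not resolve to a structural or 88 class. The new schema == NULL guard is welcome; element is still dereferenced unchecked, which is worth a note in the same comment.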
diff --git a/source4/dsdb/tests/python/dirsync.py 
b/source4/dsdb/tests/python/dirsync.py
index c8027fc..d6a21a9 100755
--- a/source4/dsdb/tests/python/dirsync.py
+++ b/source4/dsdb/tests/python/dirsync.py
@@ -247,14 +247,14 @@ class SimpleDirsyncTests(DirsyncBaseTests):
 
         # We don't return an entry if asked for objectGUID
         res = self.ldb_admin.search(self.base_dn,
-                                    expression="dn=%s" % self.base_dn,
+                                    expression="(distinguishedName=%s)" % 
str(self.base_dn),
                                     attrs=["objectGUID"],
                                     controls=["dirsync:1:0:1"])
         self.assertEquals(len(res.msgs), 0)
 
         # a request on the root of a NC didn't return parentGUID
         res = self.ldb_admin.search(self.base_dn,
-                                    expression="dn=%s" % self.base_dn,
+                                    expression="(distinguishedName=%s)" % 
str(self.base_dn),
                                     attrs=["name"],
                                     controls=["dirsync:1:0:1"])
         self.assertTrue(res.msgs[0].get("objectGUID") != None)
@@ -319,21 +319,21 @@ class SimpleDirsyncTests(DirsyncBaseTests):
     def test_dirsync_with_controls(self):
         """Check that dirsync return correct informations when dealing with 
the NC"""
         res = self.ldb_admin.search(self.base_dn,
-                                    expression="(dn=%s)" % str(self.base_dn),
+                                    expression="(distinguishedName=%s)" % 
str(self.base_dn),
                                     attrs=["name"],
                                     controls=["dirsync:1:0:10000", 
"extended_dn:1", "show_deleted:1"])
 
     def test_dirsync_basenc(self):
         """Check that dirsync return correct informations when dealing with 
the NC"""
         res = self.ldb_admin.search(self.base_dn,
-                                    expression="(dn=%s)" % str(self.base_dn),
+                                    expression="(distinguishedName=%s)" % 
str(self.base_dn),
                                     attrs=["name"],
                                     controls=["dirsync:1:0:10000"])
         self.assertEqual(len(res.msgs), 1)
         self.assertEqual(len(res.msgs[0]), 3)
 
         res = self.ldb_admin.search(self.base_dn,
-                                    expression="(dn=%s)" % str(self.base_dn),
+                                    expression="(distinguishedName=%s)" % 
str(self.base_dn),
                                     attrs=["ntSecurityDescriptor"],
                                     controls=["dirsync:1:0:10000"])
         self.assertEqual(len(res.msgs), 1)
diff --git a/source4/dsdb/tests/python/ldap.py 
b/source4/dsdb/tests/python/ldap.py
index 61443ef..5ca4c26 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -433,6 +433,21 @@ class BasicTests(samba.tests.TestCase):
           "objectClass")
         ldb.modify(m)
 
+        # Add a new auxiliary object class "posixAccount" to "ldaptestuser"
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("posixAccount", FLAG_MOD_ADD,
+          "objectClass")
+        ldb.modify(m)
+
+        # Be sure that "top" is the first and the (most) structural object 
class
+        # the last value of the "objectClass" attribute - MS-ADTS 3.1.1.1.4
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["objectClass"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["objectClass"][0], "top")
+        self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"])-1], 
"user")
+
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
     def test_system_only(self):
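Review bot: In the new objectClass ordering check, assertTrue(len(res) == 1) hides the actual count when it fails; use assertEquals(len(res), 1), matching the assertEquals calls on the following lines. Binding res[0]["objectClass"] to a local variable would also make the last-value assertion easier to read than the repeated res[0]["objectClass"][len(res[0]["objectClass"])-1] expression.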
@@ -1913,20 +1928,13 @@ servicePrincipalName: host/ldaptest2computer29
         res = 
ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
         self.assertEquals(len(res), 0, 
"(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
 
-        # This is a Samba special, and does not exist in real AD
-        #    print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + 
self.base_dn + ")"
-        #    res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn 
+ ")")
-        #    if (res.error != 0 || len(res) != 1) {
-        #        print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + 
self.base_dn + ")"
-        #        self.assertEquals(len(res), 1)
-        #    }
-        #    self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + 
self.base_dn))
-        #    self.assertEquals(res[0].cn, "ldaptestUSER3")
-        #    self.assertEquals(res[0].name, "ldaptestUSER3")
+        print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + 
self.base_dn + ") - should not work"
+        res = ldb.search(expression="(dn=CN=ldaptestUSER3,CN=Users," + 
self.base_dn + ")")
+        self.assertEquals(len(res), 0, "Could find 
(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
 
         print "Testing ldb.search for 
(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
         res = 
ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + 
self.base_dn + ")")
-        self.assertEquals(len(res), 1, "Could not find 
(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+        self.assertEquals(len(res), 1, "Could not find 
(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
         self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + 
self.base_dn))
         self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
         self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
diff --git a/source4/scripting/bin/rebuildextendeddn 
b/source4/scripting/bin/rebuildextendeddn
index 5ab90c9..5a0ab12 100755
--- a/source4/scripting/bin/rebuildextendeddn
+++ b/source4/scripting/bin/rebuildextendeddn
@@ -119,7 +119,7 @@ def rebuild_en_dn(credentials,session_info,paths):
                     saveatt.append(str(res[i][att][j]))
                 m[att] = ldb.MessageElement(saveatt, ldb.FLAG_MOD_REPLACE, att)
                 sam_ldb.modify(m)
-                res3 = 
sam_ldb.search(expression="(&(dn=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE, 
attrs=[att],controls=["search_options:1:2"])
+                res3 = 
sam_ldb.search(expression="(&(distinguishedName=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE,
 attrs=[att],controls=["search_options:1:2"])
                 if( len(res3) == 0  or (len(res3[0][att])!= len(saveatt))):
                     print >>sys.stderr, str(dn) + " has no attr " +att+ " or a 
wrong value"
                     for satt in saveatt:
diff --git a/source4/scripting/bin/renamedc b/source4/scripting/bin/renamedc
index 9d6f5c4..1fa19b2 100755
--- a/source4/scripting/bin/renamedc
+++ b/source4/scripting/bin/renamedc
@@ -114,7 +114,7 @@ if __name__ == '__main__':
     ldbs.sam.modify(msg)
 
     # Do a self join one more time to resync the secrets file
-    res = ldbs.sam.search(expression=("dn=%s" % newdn),
+    res = ldbs.sam.search(expression=("distinguishedName=%s" % newdn),
             attrs=["msDs-keyVersionNumber", "serverReferenceBL"])
     assert(len(res) == 1)
     kvno = int(str(res[0]["msDs-keyVersionNumber"]))
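Review bot: The replacement filter "distinguishedName=%s" in renamedc is written without the enclosing parentheses that the other converted filters in this patch use, for example "(distinguishedName=%s)" in upgradeprovision. Use the parenthesised form here as well so that all call sites are consistent.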
diff --git a/source4/scripting/bin/upgradeprovision 
b/source4/scripting/bin/upgradeprovision
index e578c14..344d7f5 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -513,12 +513,12 @@ def handle_special_add(samdb, dn, names):
                          "CN=WellKnown Security Principals,"
                          "CN=Configuration,%s" % names.rootdn)
 
-        res = samdb.search(expression="(dn=%s)" % oldDn,
+        res = samdb.search(expression="(distinguishedName=%s)" % oldDn,
                             base=str(names.rootdn),
                             scope=SCOPE_SUBTREE, attrs=["dn"],
                             controls=["search_options:1:2"])
 
-        res2 = samdb.search(expression="(dn=%s)" % dn,
+        res2 = samdb.search(expression="(distinguishedName=%s)" % dn,
                             base=str(names.rootdn),
                             scope=SCOPE_SUBTREE, attrs=["dn"],
                             controls=["search_options:1:2"])
@@ -538,7 +538,7 @@ def handle_special_add(samdb, dn, names):
 
         if len(res) == 0:
             return 2
-        res = samdb.search(expression="(dn=%s)" % dntoremove,
+        res = samdb.search(expression="(distinguishedName=%s)" % dntoremove,
                             base=str(names.rootdn),
                             scope=SCOPE_SUBTREE, attrs=["dn"],
                             controls=["search_options:1:2"])
@@ -604,8 +604,9 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, 
hash, index):
         return True
 
 
-    reference = ref_samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
-                    scope=SCOPE_SUBTREE, controls=["search_options:1:2"])
+    reference = ref_samdb.search(expression="(distinguishedName=%s)" % 
(str(dn)),
+                                 base=basedn, scope=SCOPE_SUBTREE,
+                                 controls=["search_options:1:2"])
     empty = Message()
     delta = samdb.msg_diff(empty, reference[0])
     delta.dn
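Review bot: reference[0] is indexed right after the converted search in add_missing_object() without checking that the search returned an entry, so an empty result raises IndexError instead of a readable error. Check len(reference) first and report the DN that was not found. The bare delta.dn expression statement on the last context line has no effect and can be dropped while this code is being touched.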
@@ -1029,10 +1030,10 @@ def update_present(ref_samdb, samdb, basedn, 
listPresent, usns):
     if usns is not None:
             message(CHANGE, "Using replPropertyMetadata for change selection")
     for dn in listPresent:
-        reference = ref_samdb.search(expression="dn=%s" % (str(dn)), 
base=basedn,
+        reference = ref_samdb.search(expression="(distinguishedName=%s)" % 
(str(dn)), base=basedn,
                                         scope=SCOPE_SUBTREE,
                                         controls=controls)
-        current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
+        current = samdb.search(expression="(distinguishedName=%s)" % 
(str(dn)), base=basedn,
                                 scope=SCOPE_SUBTREE, controls=controls)
 
         if (
@@ -1043,7 +1044,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, 
usns):
                             "Renaming %s to %s" % (str(current[0].dn),
                                                    str(reference[0].dn)))
             identic_rename(samdb, reference[0].dn)
-            current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
+            current = samdb.search(expression="(distinguishedName=%s)" % 
(str(dn)), base=basedn,
                                     scope=SCOPE_SUBTREE,
                                     controls=controls)
 
@@ -1064,7 +1065,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, 
usns):
 
         if nb_items > 1 and usns is not None:
             # Fetch the replPropertyMetaData
-            res = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
+            res = samdb.search(expression="(distinguishedName=%s)" % 
(str(dn)), base=basedn,
                                 scope=SCOPE_SUBTREE, controls=controls,
                                 attrs=["replPropertyMetaData"])
             ctr = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
@@ -1361,7 +1362,7 @@ def rebuild_sd(samdb, names):
             return
 
 def hasATProvision(samdb):
-        entry = samdb.search(expression="dn=@PROVISION", base = "",
+        entry = samdb.search(expression="(distinguishedName=@PROVISION)", base 
= "",
                                 scope=SCOPE_BASE,
                                 attrs=["dn"])
 
@@ -1372,7 +1373,7 @@ def hasATProvision(samdb):
 
 def removeProvisionUSN(samdb):
         attrs = [samba.provision.LAST_PROVISION_USN_ATTRIBUTE, "dn"]
-        entry = samdb.search(expression="dn=@PROVISION", base = "",
+        entry = samdb.search(expression="(distinguishedName=@PROVISION)", base 
= "",
                                 scope=SCOPE_BASE,
                                 attrs=attrs)
         empty = Message()
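Review bot: "@PROVISION" is a special record, and the only test change visible in this patch exercises the distinguishedName filter against a regular user entry; please confirm that "(distinguishedName=@PROVISION)" still matches the record here in removeProvisionUSN() and in hasATProvision() in the previous hunk. A test for one of the two functions, or a search that names the record as the base instead of relying on the filter, would remove the doubt.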
diff --git a/source4/scripting/devel/addlotscontacts 
b/source4/scripting/devel/addlotscontacts
index cc073a3..edf54b0 100644
--- a/source4/scripting/devel/addlotscontacts
+++ b/source4/scripting/devel/addlotscontacts
@@ -63,7 +63,7 @@ if __name__ == '__main__':
                                             paths, smbconf, lp)
 
     contactdn = "OU=Contacts,%s" % str(names.domaindn)
-    res = ldbs.sam.search(expression="(dn=%s)" % contactdn,
+    res = ldbs.sam.search(expression="(distinguishedName=%s)" % contactdn,
                     base=str(names.domaindn),
                     scope=SCOPE_BASE)
 
diff --git a/source4/scripting/python/samba/idmap.py 
b/source4/scripting/python/samba/idmap.py
index ac87cbb..b651b20 100644
--- a/source4/scripting/python/samba/idmap.py
+++ b/source4/scripting/python/samba/idmap.py
@@ -54,7 +54,7 @@ class IDmapDB(samba.Ldb):
 
         :return xid can that be used for SID/unixid mapping
         """
-        res = self.search(expression="dn=CN=CONFIG", base="", 
+        res = self.search(expression="distinguishedName=CN=CONFIG", base="",
                           scope=ldb.SCOPE_SUBTREE)
         id = res[0].get("xidNumber")
         flag = ldb.FLAG_MOD_REPLACE
diff --git a/source4/scripting/python/samba/provision/__init__.py 
b/source4/scripting/python/samba/provision/__init__.py
index d00c3de..d138c9e 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -798,7 +798,7 @@ def secretsdb_self_join(secretsdb, domain,
     # but we don't delete the old record that we are about to modify,
     # because that would delete the keytab and previous password.
     res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
-        
expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))"
 % (domain, realm, str(domainsid), str(msg.dn))),
+        
expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(distinguishedName=%s)))"
 % (domain, realm, str(domainsid), str(msg.dn))),
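Review bot: The filter in secretsdb_self_join() interpolates domain, realm, the SID and msg.dn with plain %s, so a value containing "(", ")", "*" or "\" changes the structure of the expression instead of being matched literally. Escape each value for use in an LDAP search filter (RFC 4515) before formatting, and split the expression over several lines while it is being edited, since it is far past the line length used elsewhere in the file.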


-- 
Samba Shared Repository
