struct ldb_result *res, *group_res;
struct ldb_message_element *el;
struct ldb_message *msg;
+ uint32_t search_flags =
+ DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN;
uint32_t prev_rid, new_rid, uac;
struct dom_sid *prev_sid, *new_sid;
struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn;
+ const char *new_prim_group_dn_ext_str = NULL;
+ struct ldb_dn *user_dn = NULL;
+ const char *user_dn_ext_str = NULL;
int ret;
const char * const noattrs[] = { NULL };
/* Fetch information from the existing object */
ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
- DSDB_FLAG_NEXT_MODULE, ac->req);
+ search_flags, ac->req);
if (ret != LDB_SUCCESS) {
return ret;
}
+ user_dn = res->msgs[0]->dn;
+ user_dn_ext_str = ldb_dn_get_extended_linearized(ac, user_dn, 1);
+ if (user_dn_ext_str == NULL) {
+ return ldb_operr(ldb);
+ }
uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
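Review bot: The `1` passed as the last argument of `ldb_dn_get_extended_linearized()` is an unexplained mode value, and nothing in the hunk says why the DN is now taken from `res->msgs[0]->dn` rather than `ac->msg->dn`. A comment above the assignment would cover both, for example `/* Use the DN as stored, with its extended GUID/SID components, not the DN given in the request; mode 1 is the string form */`. The same string is later passed as the "member" value in the `samdb_msg_add_delval()` and `samdb_msg_add_addval()` hunks, so the group updates depend on this choice too. Dereferencing `res->msgs[0]` relies on `dsdb_module_search_dn()` succeeding only when exactly one message was found, which is not visible in this hunk and should be confirmed.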
ret = dsdb_module_search(ac->module, ac, &group_res,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
- noattrs, DSDB_FLAG_NEXT_MODULE,
+ noattrs, search_flags,
ac->req,
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(ac, prev_sid));
ret = dsdb_module_search(ac->module, ac, &group_res,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
- noattrs, DSDB_FLAG_NEXT_MODULE,
+ noattrs, search_flags,
ac->req,
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(ac, new_sid));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
new_prim_group_dn = group_res->msgs[0]->dn;
+ new_prim_group_dn_ext_str = ldb_dn_get_extended_linearized(ac,
+ new_prim_group_dn, 1);
+ if (new_prim_group_dn_ext_str == NULL) {
+ return ldb_operr(ldb);
+ }
/* We need to be already a normal member of the new primary
* group in order to be successful. */
el = samdb_find_attribute(ldb, res->msgs[0], "memberOf",
- ldb_dn_get_linearized(new_prim_group_dn));
+ new_prim_group_dn_ext_str);
if (el == NULL) {
return LDB_ERR_UNWILLING_TO_PERFORM;
}
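Review bot: The membership test that gates the primary-group change now depends on `new_prim_group_dn_ext_str` matching a `memberOf` value as a string, assuming `samdb_find_attribute()` (not shown) compares values textually. Both sides come from searches run with `DSDB_SEARCH_SHOW_EXTENDED_DN`, so they should agree, and a mismatch fails closed with `LDB_ERR_UNWILLING_TO_PERFORM`; even so, any difference in extended components or their order between a link value and an object DN would reject a legitimate change. A comment such as `/* memberOf values are returned in extended form because of search_flags; compare against the same mode-1 string */` would record that dependency, and comparing the GUID components instead would be sturdier. The enclosing `if` block begins outside this hunk.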
}
msg->dn = new_prim_group_dn;
- ret = samdb_msg_add_delval(ldb, msg, msg, "member",
- ldb_dn_get_linearized(ac->msg->dn));
+ ret = samdb_msg_add_delval(ldb, msg, msg, "member", user_dn_ext_str);
if (ret != LDB_SUCCESS) {
return ret;
}
}
msg->dn = prev_prim_group_dn;
- ret = samdb_msg_add_addval(ldb, msg, msg, "member",
- ldb_dn_get_linearized(ac->msg->dn));
+ ret = samdb_msg_add_addval(ldb, msg, msg, "member", user_dn_ext_str);
if (ret != LDB_SUCCESS) {
return ret;
}