python-s4: use secrets.ldb instead of sam.ldb for reading domain SID

  This allow to be able to run net acl set xxx yyy on DC, but also on domain
  member.

Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>

diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
index a96593ef0c84be3da381b7feffb4fedff21dd555..8c0803f5f5d523fd20a1b01b875a414c673ec745 100644 (file)
--- a/source4/scripting/python/samba/netcmd/ntacl.py
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -61,7 +61,7 @@ class cmd_acl_set(Command):
             credopts=None, sambaopts=None, versionopts=None):
                lp = sambaopts.get_loadparm()
                creds = credopts.get_credentials(lp)
-               path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb")
+               path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
                creds = credopts.get_credentials(lp)
                creds.set_kerberos_state(DONT_USE_KERBEROS)
                try:
@@ -71,7 +71,7 @@ class cmd_acl_set(Command):
                        sys.exit(1)
                attrs = ["objectSid"]
                print lp.get("realm")
-               res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs)
+               res = ldb.search(expression="(objectClass=*)",base="flatname=%s,cn=Primary Domains"%lp.get("workgroup"), scope=SCOPE_BASE, attrs=attrs)
                if len(res) !=0:
                        domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
                        setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file)