s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated...
author Matthieu Patou <mat@matws.net>
Mon, 5 Jul 2010 19:41:13 +0000 (23:41 +0400)
committer Matthias Dieter Wallnöfer <mdw@samba.org>
Thu, 8 Jul 2010 17:28:42 +0000 (19:28 +0200)
This should avoid collision with newly added objects that use the same
SID as existing users in the upgraded provision.

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
source4/scripting/bin/upgradeprovision

index 9d29d4a76bc8f75d66a6f59856f3304322893a88..48c4ce63b89ff83eaea5e40bb9a756beb7022d42 100755 (executable)
@@ -516,6 +516,11 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     empty = Message()
     delta = samdb.msg_diff(empty, reference[0])
     delta.dn
+    if delta.get("objectSid"):
+        sid = str(ndr_unpack(security.dom_sid, str(reference[0]["objectSid"])))
+        m = re.match(r".*-(\d+)$", sid)
+        if m and int(m.group(1))>999:
+            delta.remove("objectSid")
     for att in hashAttrNotCopied.keys():
         delta.remove(att)
     for att in backlinked:
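
Review bot: The boundary in `if m and int(m.group(1))>999:` does not match the subject line, which says "SID > 1000": as written, an object whose last SID component is exactly 1000 also loses its objectSid. Please state the intended boundary in a comment above the check and write it as `>= 1000` (or `> 1000` if that is what is meant), with spaces around the operator. The comment should also say why the attribute is dropped, since the collision rationale currently lives only in the commit message. A smaller point: the guard tests `delta.get("objectSid")` but the value is then read from `reference[0]["objectSid"]`; reading both from the same object would make it obvious that the SID being parsed is the one being removed.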
@@ -533,6 +538,7 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     delta.dn = dn
     message(CHANGE,"Object %s will be added" % dn)
     samdb.add(delta, ["relax:0"])
+
     return True
 
 def gen_dn_index_hash(listMissing):
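
Review bot: The blank line added before `return True` is a whitespace-only change unrelated to the objectSid handling described in the commit message. Please drop it from this patch, or send it separately, so the diff contains only the functional change.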