s4-dsdb: allow objectsid to be specified in a modification operation

if we have the provision control, it's used by dbcheck

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 6533d1006ba5f5d6c795b8c81ac57680926faa26..a61920f2af91db8d6a11cf95ebf36e3cf4fbb0eb 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2035,9 +2035,11 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
        /* make sure that "objectSid" is not specified */
        el = ldb_msg_find_element(req->op.mod.message, "objectSid");
        if (el != NULL) {
-               ldb_set_errstring(ldb,
-                                 "samldb: objectSid must not be specified!");
-               return LDB_ERR_UNWILLING_TO_PERFORM;
+               if (ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID) == NULL) {
+                       ldb_set_errstring(ldb,
+                                         "samldb: objectSid must not be specified!");
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
        }
        /* make sure that "sAMAccountType" is not specified */
        el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");