struct ldb_request *add_req;
struct ldb_message_element *objectclass_element, *el;
struct ldb_message *msg;
- struct ldb_control *as_system = ldb_request_get_control(ac->req,
- LDB_CONTROL_AS_SYSTEM_OID);
TALLOC_CTX *mem_ctx;
struct class_list *sorted, *current;
const char *rdn_name = NULL;
bool found;
int ret;
- if (as_system != NULL) {
- as_system->critical = 0;
- }
-
msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
if (msg == NULL) {
return ldb_module_oom(ac->module);
/* LSA-specific objectclasses per default not allowed */
if (((strcmp(value, "secret") == 0) ||
(strcmp(value, "trustedDomain") == 0)) &&
- !(dsdb_module_am_system(ac->module) || as_system)) {
+ ldb_req_is_untrusted(ac->req)) {
ldb_asprintf_errstring(ldb,
"objectclass: object class '%s' is LSA-specific, rejecting creation of '%s'!",
value,
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
- ret = dsdb_add(sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
+ ret = ldb_add(sam_ldb, msg);
switch (ret) {
case LDB_SUCCESS:
break;
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
/* create the secret */
- ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
+ ret = ldb_add(secret_state->sam_ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),