s4-dsdb: fixed modify of ACLs on deleted objects

this is needed for the dbcheck code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 49152d418a2cae543575c484230a20e2b2353556..12a4028cbe8ad6c11c0dc571af9737872361a62d 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -902,7 +902,8 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
        }
        ret = dsdb_module_search_dn(module, tmp_ctx, &acl_res, req->op.mod.message->dn,
                                    acl_attrs,
-                                   DSDB_FLAG_NEXT_MODULE, req);
+                                   DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED,
+                                   req);
 
        if (ret != LDB_SUCCESS) {
                goto fail;
@@ -1337,7 +1338,8 @@ static int acl_search_callback(struct ldb_request *req, struct ldb_reply *ares)
                    || ac->sDRightsEffective) {
                        ret = dsdb_module_search_dn(ac->module, ac, &acl_res, ares->message->dn, 
                                                    acl_attrs,
-                                                   DSDB_FLAG_NEXT_MODULE, req);
+                                                   DSDB_FLAG_NEXT_MODULE |
+                                                   DSDB_SEARCH_SHOW_DELETED, req);
                        if (ret != LDB_SUCCESS) {
                                return ldb_module_done(ac->req, NULL, NULL, ret);
                        }