dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object

This may allow further processing when the DN normalisation has changed
which changes the indexing, such as seen after fixes for bug 14656.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14902

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f621317e3b25a8925ab6e448068264488a0a47c7)

Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Wed Dec  8 16:49:25 UTC 2021 on sn-devel-184

diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 5eaebf981417547d8a86c839698f6a442ea80d27..4e60feaf14f2fd4900346795b953876b01587f2b 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1399,7 +1399,7 @@ static const struct op_attributes_replace search_sub[] = {
        { "tokenGroups", "primaryGroupID", objectSid_attr, construct_token_groups },
        { "tokenGroupsNoGCAcceptable", "primaryGroupID", objectSid_attr, construct_token_groups_no_gc},
        { "tokenGroupsGlobalAndUniversal", "primaryGroupID", objectSid_attr, construct_global_universal_token_groups },
-       { "parentGUID", NULL, NULL, construct_parent_guid },
+       { "parentGUID", "objectGUID", NULL, construct_parent_guid },
        { "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry },
        { "msDS-isRODC", "objectClass", objectCategory_attr, construct_msds_isrodc },
        { "msDS-KeyVersionNumber", "replPropertyMetaData", NULL, construct_msds_keyversionnumber },

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 58c04da5f53f4d7696e1c1904c70c240b3766812..870185ee1d3d29d3faceac8819766e35a784e22b 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -6923,7 +6923,18 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
                                   ar->req);
        LDB_REQ_SET_LOCATION(search_req);
 
-       ret = dsdb_request_add_controls(search_req, DSDB_SEARCH_SHOW_RECYCLED);
+       /*
+        * We set DSDB_SEARCH_SHOW_EXTENDED_DN to get the GUID on the
+        * DN.  This in turn helps our operational module find the
+        * record by GUID, not DN lookup which is more error prone if
+        * DN indexing changes.  We prefer to keep chasing GUIDs
+        * around if possible, even within a transaction.
+        *
+        * The aim here is to keep replication moving and allow a
+        * reindex later.
+        */
+       ret = dsdb_request_add_controls(search_req, DSDB_SEARCH_SHOW_RECYCLED
+                                       |DSDB_SEARCH_SHOW_EXTENDED_DN);
 
        if (ret != LDB_SUCCESS) {
                return ret;