s4-dsdb: fixed filtering of tokengroups

author Andrew Tridgell <tridge@samba.org>

Thu, 13 Jan 2011 23:41:47 +0000 (10:41 +1100)

committer Andrew Tridgell <tridge@samba.org>

Fri, 14 Jan 2011 05:39:33 +0000 (16:39 +1100)
author Andrew Tridgell <tridge@samba.org>
Thu, 13 Jan 2011 23:41:47 +0000 (10:41 +1100)
committer Andrew Tridgell <tridge@samba.org>
Fri, 14 Jan 2011 05:39:33 +0000 (16:39 +1100)
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c

index 8604a27b9f0decdfd702e47b060f5ee826aff409..a1b5a2e94bad2fadedf903b6261f5521064ffeb8 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -186,11 +186,9 @@ static int construct_token_groups(struct ldb_module *module,
                 return ldb_oom(ldb);
         }
  
-       /* Filter out builtin groups from this token.  We will search
-        * for builtin groups later, and not include them in the
-        * tokenGroups (and therefore the PAC or SamLogon validation
-        * info) */
-       filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(!(groupType:1.2.840.113556.1.4.803:=%u))(groupType:1.2.840.113556.1.4.803:=%u))", GROUP_TYPE_BUILTIN_LOCAL_GROUP, GROUP_TYPE_SECURITY_ENABLED);
+       /* only return security groups */
+       filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=%u))",
+                                GROUP_TYPE_SECURITY_ENABLED);
         if (!filter) {
                 talloc_free(tmp_ctx);
                 return ldb_oom(ldb);
author	Andrew Tridgell <tridge@samba.org>
	Thu, 13 Jan 2011 23:41:47 +0000 (10:41 +1100)
committer	Andrew Tridgell <tridge@samba.org>
	Fri, 14 Jan 2011 05:39:33 +0000 (16:39 +1100)