source4 dsdb: Allow duplicate non local objectSIDs

Remove the unique constraint on the objectSID index, and enable the
unique_object_sids module.

This allows duplicate objectSIDs on foreign security principals, and
disallows duplicates for local objectSIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/selftest/knownfail.d/dsdb b/selftest/knownfail.d/dsdb
deleted file mode 100644 (file)
index 276b72d..0000000
--- a/selftest/knownfail.d/dsdb
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dsdb.samba.tests.dsdb.DsdbTests.test_duplicate_objectSIDs_allowed_on_foreign_security_principals\(

diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 9098b52f816464ec0d0b53a8ca01828c990b714f..87d65bd8c2b8fe3832aac353f199b89eacecbf2a 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -295,6 +295,7 @@ static int samba_dsdb_init(struct ldb_module *module)
                "subtree_delete",
                "repl_meta_data",
                "operational",
+               "unique_object_sids",
                "subtree_rename",
                "linked_attributes",
                NULL};

diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index c76b57cb4a93f00d5d944e48474bd364ce615261..dbd504549d72563aafad65026f62b5b1b4fcc135 100644 (file)
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -461,7 +461,7 @@ WERROR dsdb_read_prefixes_from_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
  */
 static bool dsdb_schema_unique_attribute(const char *attr)
 {
-       const char *attrs[] = { "objectGUID", "objectSid" , NULL };
+       const char *attrs[] = { "objectGUID", NULL };
        unsigned int i;
        for (i=0;attrs[i];i++) {
                if (ldb_attr_cmp(attr, attrs[i]) == 0) {