pdb_ldap: Do not skip accounts without a sambaAcctFlags value

We allow this to mean a sambaAcctFlags value of zero in other parts of the code
and by allowing these users to show up in a search, we can read and correct them
during the classicupgrade, rather than not know they exist at all.

Most parts of the code do not look for ACB_NORMAL, which is why
these users appear to work.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index dc6a9c3239ae0e2d80853b4ea8e287bbc973ae17..0905ab4eeb0dd65c07e334eac85e246bfc9a674b 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -4452,11 +4452,11 @@ static bool ldapuser2displayentry(struct ldap_search_state *state,
 
        vals = ldap_get_values(ld, entry, "sambaAcctFlags");
        if ((vals == NULL) || (vals[0] == NULL)) {
-               DEBUG(5, ("\"sambaAcctFlags\" not found\n"));
-               return False;
+               acct_flags = ACB_NORMAL;
+       } else {
+               acct_flags = pdb_decode_acct_ctrl(vals[0]);
+               ldap_value_free(vals);
        }
-       acct_flags = pdb_decode_acct_ctrl(vals[0]);
-       ldap_value_free(vals);
 
        if ((state->acct_flags != 0) &&
            ((state->acct_flags & acct_flags) == 0))