s3:libads: Remove ‘unicodePwd’ attribute from ads_find_machine_acct() search

This attribute was added to the search in commit
4f389c1f78cdc2424795e3b2a1ce43818c400c2d. But it’s not clear to me that
anything actually retrieves the unicodePwd from the result (excluding
inconsequential things like ads_dump()).

Furthermore, this being a search over LDAP, it will never return a
unicodePwd.

Removing this attribute from the search means that we no longer have to
worry about the account possibly being a Group Managed Service Account
and the unicodePwd being out‐of‐date.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index b5139e59cfbdbe7b538ad297feb208e3166a5497..7f3c20746c85c3262be888426c6c43a03c512657 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1687,7 +1687,6 @@ char *ads_parent_dn(const char *dn)
                "DnsHostName",
                "ServicePrincipalName",
                "userPrincipalName",
-               "unicodePwd",
 
                /* Additional attributes Samba checks */
                "msDS-AdditionalDnsHostName",