From: Gary Lockyer <gary@catalyst.net.nz>
Date: Sun, 26 Nov 2017 22:11:19 +0000 (+1300)
Subject: source4 dsdb: Allow duplicate non local objectSIDs
X-Git-Tag: talloc-2.1.11~259
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=704bbae25c07c08c051a66ae0a83fb5abda373f1;p=thirdparty%2Fsamba.git

source4 dsdb: Allow duplicate non local objectSIDs

Remove the unique constraint on the objectSID index, and enable the
unique_object_sids module.

This allows duplicate objectSIDs on foreign security principals, and
disallows duplicates for local objectSIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/selftest/knownfail.d/dsdb b/selftest/knownfail.d/dsdb
deleted file mode 100644
index 276b72d22d3..00000000000
--- a/selftest/knownfail.d/dsdb
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dsdb.samba.tests.dsdb.DsdbTests.test_duplicate_objectSIDs_allowed_on_foreign_security_principals\(
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 9098b52f816..87d65bd8c2b 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -295,6 +295,7 @@ static int samba_dsdb_init(struct ldb_module *module)
 		"subtree_delete",
 		"repl_meta_data",
 		"operational",
+		"unique_object_sids",
 		"subtree_rename",
 		"linked_attributes",
 		NULL};
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index c76b57cb4a9..dbd504549d7 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -461,7 +461,7 @@ WERROR dsdb_read_prefixes_from_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
  */
 static bool dsdb_schema_unique_attribute(const char *attr)
 {
-	const char *attrs[] = { "objectGUID", "objectSid" , NULL };
+	const char *attrs[] = { "objectGUID", NULL };
 	unsigned int i;
 	for (i=0;attrs[i];i++) {
 		if (ldb_attr_cmp(attr, attrs[i]) == 0) {