From 827362559567833a64c412e79190fd878cd21d3a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 20 Nov 2014 14:21:06 +0100
Subject: [PATCH 1/2] s4:dsdb/rootdse: expand extended dn values with the
 AS_SYSTEM control

Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.

This results in

  root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
  search error - LDAP error 1 LDAP_OPERATIONS_ERROR -  <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>

While it works as system:

  root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
  # record 1
  dn:
  serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
   rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base

  # returned 1 records
  # 1 entries
  # 0 referrals

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
---
 source4/dsdb/samdb/ldb_modules/rootdse.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index b13dc9e..111266f 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -142,10 +142,8 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m
 			return ret;
 		}
 
-
-		ret = ldb_request_add_control(req2,
-					LDB_CONTROL_EXTENDED_DN_OID,
-					edn_control->critical, edn);
+		ret = dsdb_request_add_controls(req2, DSDB_FLAG_AS_SYSTEM |
+						DSDB_SEARCH_SHOW_EXTENDED_DN);
 		if (ret != LDB_SUCCESS) {
 			talloc_free(tmp_ctx);
 			return ldb_error(ldb, ret, "Failed to add control");
-- 
1.9.1


From 03ef0caf50c2a2d5488f96d8c3b28dbff4f56656 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 21 Nov 2014 14:11:54 +0100
Subject: [PATCH 2/2] testprogs/test_ldb: check rootdse search with extended-dn
 control
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104

(cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2)
---
 testprogs/blackbox/test_ldb.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh
index f326672..60bad44 100755
--- a/testprogs/blackbox/test_ldb.sh
+++ b/testprogs/blackbox/test_ldb.sh
@@ -37,6 +37,8 @@ export PATH="$BINDIR:$PATH"
 ldbsearch="$VALGRIND ldbsearch"
 
 check "RootDSE" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x dnsHostName highestCommittedUSN || failed=`expr $failed + 1`
+check "RootDSE (full)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' || failed=`expr $failed + 1`
+check "RootDSE (extended)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' --extended-dn || failed=`expr $failed + 1`
 
 echo "Getting defaultNamingContext"
 BASEDN=`$ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}'`
-- 
1.9.1