Created attachment 11869 [details] patch With Samba 4.4-rc, certain Windows features like `net user %USERNAME% /domain` or the "Advanced Security Settings → Effective Permissions" fail with the error message: "The security database is corrupted." This seems to happen when the user's DN contains a '(', causing dcesrv_samr_GetAliasMembership() to generate an invalid LDAP filter. Attaching a patch based on commit 841845dea35089a187fd1626c9752d708989ac7b, which fixes an identical problem in another function.
Comment on attachment 11869 [details] patch Reviewed-by: Andrew Bartlett <abartlet@samba.org> I'll see about getting this into Samba shortly!
Given the r+, would be nice to see this in Samba 4.5
Fixed in 37ef959f37dc57302ff5824ff3223617863aad3e in 4.5.0rc1