LDB/s4 - do not use the "(dn=...)" syntax on filters anymore

Make it AD-compatible using "(distinguishedName=...)".

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

source4/scripting/python/samba/idmap.py

@@ -54,7 +54,7 @@ class IDmapDB(samba.Ldb):
 
         :return xid can that be used for SID/unixid mapping
         """
-        res = self.search(expression="dn=CN=CONFIG", base="", 
+        res = self.search(expression="distinguishedName=CN=CONFIG", base="",
                           scope=ldb.SCOPE_SUBTREE)
         id = res[0].get("xidNumber")
         flag = ldb.FLAG_MOD_REPLACE

source4/scripting/python/samba/provision/__init__.py

@@ -798,7 +798,7 @@ def secretsdb_self_join(secretsdb, domain,
     # but we don't delete the old record that we are about to modify,
     # because that would delete the keytab and previous password.
     res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
-        expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
+        expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(distinguishedName=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
         scope=ldb.SCOPE_ONELEVEL)
 
     for del_msg in res:

source4/scripting/python/samba/samdb.py

@@ -462,7 +462,7 @@ unicodePwd:: %s
 
             if force_change_at_next_login:
                 self.force_password_change_at_next_login(
-                  "(dn=" + str(user_dn) + ")")
+                  "(distinguishedName=" + str(user_dn) + ")")
 
             #  modify the userAccountControl to remove the disabled bit
             self.enable_account(search_filter)
@@ -662,7 +662,7 @@ accountExpires: %u
             for the given attribute. None if the attribute is not replicated
         """
 
-        res = self.search(expression="dn=%s" % dn,
+        res = self.search(expression="distinguishedName=%s" % dn,
                             scope=ldb.SCOPE_SUBTREE,
                             controls=["search_options:1:2"],
                             attrs=["replPropertyMetaData"])
@@ -684,7 +684,7 @@ accountExpires: %u
 
     def set_attribute_replmetadata_version(self, dn, att, value,
             addifnotexist=False):
-        res = self.search(expression="dn=%s" % dn,
+        res = self.search(expression="distinguishedName=%s" % dn,
                             scope=ldb.SCOPE_SUBTREE,
                             controls=["search_options:1:2"],
                             attrs=["replPropertyMetaData"])

source4/scripting/python/samba/upgradehelpers.py

@@ -466,9 +466,9 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
             listPresent.append(hash_new[k])
 
     for entry in listMissing:
-        reference = newsecrets_ldb.search(expression="dn=%s" % entry,
+        reference = newsecrets_ldb.search(expression="distinguishedName=%s" % entry,
                                             base="", scope=SCOPE_SUBTREE)
-        current = secrets_ldb.search(expression="dn=%s" % entry,
+        current = secrets_ldb.search(expression="distinguishedName=%s" % entry,
                                             base="", scope=SCOPE_SUBTREE)
         delta = secrets_ldb.msg_diff(empty, reference[0])
         for att in hashAttrNotCopied:
@@ -481,9 +481,9 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
         secrets_ldb.add(delta)
 
     for entry in listPresent:
-        reference = newsecrets_ldb.search(expression="dn=%s" % entry,
+        reference = newsecrets_ldb.search(expression="distinguishedName=%s" % entry,
                                             base="", scope=SCOPE_SUBTREE)
-        current = secrets_ldb.search(expression="dn=%s" % entry, base="",
+        current = secrets_ldb.search(expression="distinguishedName=%s" % entry, base="",
                                             scope=SCOPE_SUBTREE)
         delta = secrets_ldb.msg_diff(current[0], reference[0])
         for att in hashAttrNotCopied:
@@ -497,9 +497,9 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
                 delta.remove(att)
 
     for entry in listPresent:
-        reference = newsecrets_ldb.search(expression="dn=%s" % entry, base="",
+        reference = newsecrets_ldb.search(expression="distinguishedName=%s" % entry, base="",
                                             scope=SCOPE_SUBTREE)
-        current = secrets_ldb.search(expression="dn=%s" % entry, base="",
+        current = secrets_ldb.search(expression="distinguishedName=%s" % entry, base="",
                                             scope=SCOPE_SUBTREE)
         delta = secrets_ldb.msg_diff(current[0], reference[0])
         for att in hashAttrNotCopied:
@@ -678,7 +678,7 @@ def delta_update_basesamdb(refsampath, sampath, creds, session, lp, message):
     reference = refsam.search(expression="")
 
     for refentry in reference:
-        entry = sam.search(expression="dn=%s" % refentry["dn"],
+        entry = sam.search(expression="distinguishedName=%s" % refentry["dn"],
                             scope=SCOPE_SUBTREE)
         if not len(entry):
             delta = sam.msg_diff(empty, refentry)