From 7f4ac1c52b106c7db900fc19a98f69fc221f0055 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata <edewata@redhat.com>
Date: Mon, 28 Jun 2010 10:45:04 -0500
Subject: [PATCH] s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.

---
 source4/auth/sam.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 894ba37..b0fc9ca 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,9 +319,16 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
+
 	status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, (__location__ "when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s",
+		ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
+		dn = res->msgs[0]->dn;
+		status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, (__location__ ": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n",
 			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), 
 			  nt_errstr(status)));
 		talloc_free(tmp_ctx);
-- 
1.6.6.1