ldb_asprintf_errstring(ldb, "Attribute %s already exists for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
talloc_free(tmp_ctx);
- return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ /* error codes for 'member' need to be
+ special cased */
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_ENTRY_ALREADY_EXISTS;
+ } else {
+ return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ }
}
ret = replmd_update_la_val(old_el->values, p->v, dns[i].dsdb_dn, p->dsdb_dn,
invocation_id, seq_num, seq_num, now, 0, false);
if (!p2) {
ldb_asprintf_errstring(ldb, "Attribute %s doesn't exist for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
- return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
}
rmd_flags = dsdb_dn_rmd_flags(p2->dsdb_dn->dn);
if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
ldb_asprintf_errstring(ldb, "Attribute %s already deleted for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
- return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
}
}
struct ldb_result *res;
struct dom_sid *group_sid;
unsigned int i, j;
- int cnt;
int ret;
/* Fetch information from the existing object */
el = &ac->msg->elements[i];
for (j = 0; j < el->num_values; j++) {
- struct ldb_message_element *mo;
struct ldb_result *group_res;
const char *group_attrs[] = { "primaryGroupID" , NULL };
uint32_t prim_group_rid;
return ldb_operr(ldb);
}
- /* The "member" attribute can be modified with the
- * following restrictions (beside a valid DN):
- *
- * - "add" operations can only be performed when the
- * member still doesn't exist - if not then return
- * ERR_ENTRY_ALREADY_EXISTS (not
- * ERR_ATTRIBUTE_OR_VALUE_EXISTS!)
- * - "delete" operations can only be performed when the
- * member does exist - if not then return
- * ERR_UNWILLING_TO_PERFORM (not
- * ERR_NO_SUCH_ATTRIBUTE!)
- * - primary group check
- */
- mo = samdb_find_attribute(ldb, res->msgs[0], "member",
- ldb_dn_get_linearized(member_dn));
- if (mo == NULL) {
- cnt = 0;
- } else {
- cnt = 1;
- }
-
- if ((cnt > 0) && (LDB_FLAG_MOD_TYPE(el->flags)
- == LDB_FLAG_MOD_ADD)) {
- return LDB_ERR_ENTRY_ALREADY_EXISTS;
- }
- if ((cnt == 0) && LDB_FLAG_MOD_TYPE(el->flags)
- == LDB_FLAG_MOD_DELETE) {
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
-
/* Denies to add "member"s to groups which are primary
* ones for them - in this case return
* ERR_ENTRY_ALREADY_EXISTS. */
}
if (dom_sid_equal(group_sid, sid)) {
+ ldb_asprintf_errstring(ldb,
+ "samldb: member %s already set via primaryGroupID %u",
+ ldb_dn_get_linearized(member_dn), prim_group_rid);
return LDB_ERR_ENTRY_ALREADY_EXISTS;
}
}