samldb: Add useful error string to explain why a group may not be deleted.
authorAndrew Bartlett <abartlet@samba.org>
Mon, 28 May 2018 22:39:39 +0000 (10:39 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 30 May 2018 02:23:27 +0000 (04:23 +0200)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
source4/dsdb/samdb/ldb_modules/samldb.c

index a46fd3735c8f6fc0d0d6fbd75b6075ada4c7f353..f6fe6185aa4f927d9f7332b94fcaabd4216967d8 100644 (file)
@@ -3872,7 +3872,8 @@ static int samldb_prim_group_users_check(struct samldb_ctx *ac)
        uint32_t rid;
        NTSTATUS status;
        int ret;
-       struct ldb_result *res;
+       struct ldb_result *res = NULL;
+       struct ldb_result *res_users = NULL;
        const char * const attrs[] = { "objectSid", "isDeleted", NULL };
        const char * const noattrs[] = { NULL };
 
@@ -3911,7 +3912,7 @@ static int samldb_prim_group_users_check(struct samldb_ctx *ac)
        }
 
        /* Deny delete requests from groups which are primary ones */
-       ret = dsdb_module_search(ac->module, ac, &res,
+       ret = dsdb_module_search(ac->module, ac, &res_users,
                                 ldb_get_default_basedn(ldb),
                                 LDB_SCOPE_SUBTREE, noattrs,
                                 DSDB_FLAG_NEXT_MODULE,
@@ -3920,7 +3921,14 @@ static int samldb_prim_group_users_check(struct samldb_ctx *ac)
        if (ret != LDB_SUCCESS) {
                return ret;
        }
-       if (res->count > 0) {
+       if (res_users->count > 0) {
+               ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+                                      "Refusing to delete %s, as it "
+                                      "is still the primaryGroupID "
+                                      "for %u users",
+                                      ldb_dn_get_linearized(res->msgs[0]->dn),
+                                      res_users->count);
+
                return LDB_ERR_ENTRY_ALREADY_EXISTS;
        }
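Review bot: The new error string in the `res_users->count > 0` branch hands the number of matching users back to the client, and that number comes from a search issued with `DSDB_FLAG_NEXT_MODULE`. These hunks do not show whether that search is limited to what the requester may read, so the text may disclose more than the bare `LDB_ERR_ENTRY_ALREADY_EXISTS` did. If the count should not be visible to every caller able to attempt the delete, drop the `"for %u users"` part and the `res_users->count` argument, and word the message as `"is still in use as a primaryGroupID"`. The message also dereferences `res->msgs[0]->dn`, which depends on the earlier lookup into `res` (outside this hunk) having returned an entry, so a guard such as `res != NULL && res->count > 0` before formatting would make that explicit. As a smaller point, the function already has a local `ldb` (used in `ldb_get_default_basedn(ldb)`), so the call can start `ldb_asprintf_errstring(ldb,` rather than calling `ldb_module_get_ctx()` again; the function body begins and ends outside the hunk.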