authorAndrew Bartlett <abartlet@samba.org>2005-07-25 01:17:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:30:00 -0500
commita7f9d9c5b8e77e0530ace68bd2ed4a7c374bf0fa (patch)
tree96bb2ff20365611d7587d79aaaa41791c135c59e
parent77e52a4e2c4587785930491695486b2d8b26b509 (diff)
r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie:
dn: cn=foo,ou=bar objectClass: person implies dn: cn=foo,ou=bar objectClass: person cn: foo (as well as a pile more default attributes) We also correct the case in the attribute to match that in the DN (win2k3 behaviour) and I have a testsuite (in ejs) to prove it. This module also found a bug in our provision.ldif, and reduces code complexity in the samdb module. Andrew Bartlett (This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3)
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c24
-rw-r--r--source4/lib/ldb/modules/rdn_name.c27
-rw-r--r--source4/setup/provision.ldif2
-rwxr-xr-xtestprogs/ejs/ldap.js56
-rwxr-xr-xtestprogs/ejs/ldb.js3
5 files changed, 87 insertions, 25 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index f0f44cf4d5..7b82621c8d 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -410,17 +410,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
return NULL;
}
- if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) {
- if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n");
- return NULL;
- }
- } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */
- if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) {
- return NULL;
- }
- }
-
if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) {
struct dom_sid *sid = samldb_get_new_sid(module, msg2, msg2->dn);
if (sid == NULL) {
@@ -481,7 +470,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
return NULL;
}
if (strcasecmp(rdn->name, "cn") != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn->name);
+ ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for user/computer!\n", rdn->name);
return NULL;
}
@@ -490,17 +479,6 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
return NULL;
}
- if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) {
- if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n");
- return NULL;
- }
- } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */
- if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) {
- return NULL;
- }
- }
-
if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) {
struct dom_sid *sid;
sid = samldb_get_new_sid(module, msg2, msg2->dn);
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c
index 6a11ab87fe..89cc49eb3e 100644
--- a/source4/lib/ldb/modules/rdn_name.c
+++ b/source4/lib/ldb/modules/rdn_name.c
@@ -88,10 +88,12 @@ static struct ldb_dn_component *get_rdn(void *mem_ctx, const char *dn)
/* add_record: add crateTimestamp/modifyTimestamp attributes */
static int rdn_name_add_record(struct ldb_module *module, const struct ldb_message *msg)
{
+ struct private_data *data = (struct private_data *)module->private_data;
+
struct ldb_message *msg2;
struct ldb_message_element *attribute;
struct ldb_dn_component *rdn;
- int ret, i;
+ int i, ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_add_record\n");
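Review bot: The header comment above `rdn_name_add_record` still reads `add crateTimestamp/modifyTimestamp attributes`, which looks copied from another module and does not describe a function that now enforces the RDN attribute. I would replace it with `/* add_record: ensure the RDN is present as an attribute whose value matches the DN */`. The new `data` pointer is taken from `module->private_data` by cast and is dereferenced later in the function without a NULL check. The function body continues outside this hunk, so whether the module's init path guarantees it is set cannot be confirmed from here.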
@@ -126,6 +128,29 @@ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_messa
return -1;
}
+ attribute = rdn_name_find_attribute(msg2, rdn->name);
+
+ if (!attribute) {
+ if (ldb_msg_add_value(module->ldb, msg2, rdn->name, &rdn->value) != 0) {
+ return -1;
+ }
+ } else {
+ const struct ldb_attrib_handler *handler
+ = ldb_attrib_handler(module->ldb, rdn->name);
+ for (i=0; i < attribute->num_values; i++) {
+ if (handler->comparison_fn(module->ldb, msg2, &rdn->value, &attribute->values[i]) == 0) {
+ /* overwrite so it matches in case */
+ attribute->values[i] = rdn->value;
+ break;
+ }
+ }
+ if (i == attribute->num_values) {
+ data->error_string = talloc_asprintf(data, "RDN mismatch on %s: %s", msg2->dn, rdn->name);
+ ldb_debug(module->ldb, LDB_DEBUG_FATAL, "%s\n", data->error_string);
+ return -1;
+ }
+ }
+
ret = ldb_next_add_record(module, msg2);
talloc_free(msg2);
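Review bot: The two new `return -1;` exits (after the failed `ldb_msg_add_value` and in the RDN-mismatch branch) skip the `talloc_free(msg2);` that the success path runs after `ldb_next_add_record`, so each rejected add keeps its message copy alive for as long as msg2's parent context lives; the allocation of msg2 is outside this hunk, so that lifetime is inferred. Because a mismatching RDN arrives in client-supplied add requests, I would put `talloc_free(msg2);` before both returns so rejected requests cannot accumulate memory. In the mismatch branch the result of `talloc_asprintf` is passed straight to `ldb_debug` under `%s`; on allocation failure that is a NULL string argument, so check it first or log `msg2->dn` and `rdn->name` directly. The loop also compares the signed `i` with `attribute->num_values`, whose type is not visible here; if it is unsigned, a separate `unsigned int` index avoids the mixed comparison.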
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index d70d936988..01dbc6366a 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -713,7 +713,7 @@ objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
objectClass: top
objectClass: site
-cn: Sites
+cn: ${DEFAULTSITE}
instanceType: 4
uSNCreated: ${USN}
uSNChanged: ${USN}
diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js
new file mode 100755
index 0000000000..bba81f3971
--- /dev/null
+++ b/testprogs/ejs/ldap.js
@@ -0,0 +1,56 @@
+#!/bin/sh
+exec smbscript "$0" ${1+"$@"}
+/*
+ test certin LDAP behaviours
+*/
+
+var ldb = ldb_init();
+
+var options = new Object();
+
+ok = GetOptions(ARGV, options,
+ "POPT_AUTOHELP",
+ "POPT_COMMON_SAMBA",
+ "POPT_COMMON_CREDENTIALS");
+if (ok == false) {
+ println("Failed to parse options: " + options.ERROR);
+ return -1;
+}
+
+if (options.ARGV.length != 2) {
+ println("Usage: ldap.js <BASEDN> <HOST>");
+ return -1;
+}
+
+var base_dn = options.ARGV[0];
+var host = options.ARGV[1];
+
+function basic_tests(ldb, base_dn)
+{
+ println("Running basic tests");
+
+ ldb.del("cn=ldaptestuser,cn=users," + base_dn);
+
+ ok = ldb.add("
+dn: cn=ldaptestuser,cn=users," + base_dn + "
+objectClass: user
+objectClass: person
+cn: LDAPtestUSER
+");
+ assert(ok);
+
+ println("Testing ldb.search");
+ var res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))");
+
+ assert(res[0].dn == "cn=ldaptestuser,cn=users," + base_dn);
+ assert(res[0].cn == "ldaptestuser");
+ assert(res[0].name == "ldaptestuser");
+ assert(res[0].objectGUID != undefined);
+ assert(res[0].whenCreated != undefined);
+
+}
+
+var ok = ldb.connect("ldap://" + host);
+basic_tests(ldb, base_dn)
+
+return 0;
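Review bot: The result of `ldb.connect("ldap://" + host)` is stored in `ok` but never checked, so an unreachable or refusing server only surfaces as a failed `ldb.add` assertion; add `assert(ok);` directly after the connect. `basic_tests` exercises the case-correction path (`cn: LDAPtestUSER` read back as `ldaptestuser`) but not the rejection path, so a second case that adds an entry whose `cn` value differs from the RDN and asserts that the add fails would pin the new mismatch check. The script also leaves `cn=ldaptestuser` in the directory after a run and indexes `res[0]` without checking the result count; a closing `ldb.del("cn=ldaptestuser,cn=users," + base_dn);` and `assert(res.length == 1);` would keep a shared test server clean and make failures easier to read.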
diff --git a/testprogs/ejs/ldb.js b/testprogs/ejs/ldb.js
index ea090a65b7..812c5a5b96 100755
--- a/testprogs/ejs/ldb.js
+++ b/testprogs/ejs/ldb.js
@@ -86,6 +86,7 @@ x: 8
dn: cn=x9,cn=test
objectClass: foo
x: 9
+cn: X9
");
assert(ok);
@@ -94,12 +95,14 @@ x: 9
assert(res[0].createTimestamp != undefined);
assert(res[0].whenCreated != undefined);
assert(res[0].name == "x8");
+ assert(res[0].cn == "x8");
var res2 = ldb.search("x=9", NULL, ldb.SCOPE_DEFAULT);
assert(res2[0].objectGUID != undefined);
assert(res2[0].createTimestamp != undefined);
assert(res2[0].whenCreated != undefined);
assert(res2[0].name == "x9");
+ assert(res2[0].cn == "x9");
assert(res[0].objectGUID != res2[0].objectGUID);