summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-26 12:08:02 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-26 18:12:00 +0000
commit802e3b4e1f2e0fdc7fc11ed7881dade261bfa34a (patch)
treed940e6a15e1b9e5613cc1d125b40a9ea809d5c47
parenta839422fc57762ea3366afbe58b018cf11bfffd7 (diff)
downloadsamba-802e3b4e1f2e0fdc7fc11ed7881dade261bfa34a.tar.gz
samba-802e3b4e1f2e0fdc7fc11ed7881dade261bfa34a.tar.bz2
samba-802e3b4e1f2e0fdc7fc11ed7881dade261bfa34a.zip
s4:samldb LDB module - enhance the "member"-check trigger
- Also multi-valued "member" attributes are allowed - When you try to delete a member from a group which has it primary group set exactly to this group you get "UNWILLING_TO_PERFORM"
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 26022b7e3c..924c05e254 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1158,7 +1158,12 @@ static int samldb_member_check(struct samldb_ctx *ac)
}
if (ldb_dn_compare(group_dn, ac->msg->dn) == 0) {
- return LDB_ERR_ENTRY_ALREADY_EXISTS;
+ if (LDB_FLAG_MOD_TYPE(el->flags)
+ == LDB_FLAG_MOD_DELETE) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ return LDB_ERR_ENTRY_ALREADY_EXISTS;
+ }
}
}
@@ -1463,8 +1468,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
}
el = ldb_msg_find_element(ac->msg, "member");
- if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)
- && el->num_values == 1) {
+ if (el != NULL) {
ret = samldb_member_check(ac);
if (ret != LDB_SUCCESS) {
return ret;