s4:samldb LDB module - it isn't allowed to create user/computer accounts with a primary group specified

It can only be changed afterwards. We allow a "relax"ed exception for the provision state since we need this for the guest account. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
author: Matthias Dieter Wallnöfer <mdw@samba.org> 2010-09-15 15:19:38 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2010-09-24 09:25:42 +1000
commit: 679eb33e798efbfdaebb9cf0cd3977bb945e8075 (patch)
tree: da1f7d447012a57b0f0c84c5a687c892c9794ab8 /source4/dsdb/samdb
parent: 2e913994f2455019a3b99cb19df2f319b7218e17 (diff)
download: samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.tar.gz
samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.tar.bz2
samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index d23031522d..e7e84b2e3b 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -269,6 +269,10 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac)
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
+	} else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+		ldb_set_errstring(ldb,
+				  "The primary group isn't settable on add operations!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
 	}
 
 	sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
author	Matthias Dieter Wallnöfer <mdw@samba.org>	2010-09-15 15:19:38 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2010-09-24 09:25:42 +1000
commit	679eb33e798efbfdaebb9cf0cd3977bb945e8075 (patch)
tree	da1f7d447012a57b0f0c84c5a687c892c9794ab8 /source4/dsdb/samdb
parent	2e913994f2455019a3b99cb19df2f319b7218e17 (diff)
download	samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.tar.gz samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.tar.bz2 samba-679eb33e798efbfdaebb9cf0cd3977bb945e8075.zip