diff options
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_data.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c index 3d50d99ac2..acf8186fb1 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_data.c +++ b/source4/dsdb/samdb/ldb_modules/schema_data.c @@ -275,6 +275,34 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req cmp = ldb_dn_compare(req->op.mod.message->dn, schema->base_dn); if (cmp == 0) { + static const char * const constrained_attrs[] = { + "schemaInfo", + "prefixMap", + "msDs-Schema-Extensions", + "msDS-IntId", + NULL + }; + size_t i; + struct ldb_message_element *el; + + if (ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID)) { + return ldb_next_request(module, req); + } + + for (i=0; constrained_attrs[i]; i++) { + el = ldb_msg_find_element(req->op.mod.message, + constrained_attrs[i]); + if (el == NULL) { + continue; + } + + ldb_debug_set(ldb, LDB_DEBUG_ERROR, + "schema_data_modify: reject update " + "of attribute[%s]\n", + constrained_attrs[i]); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + return ldb_next_request(module, req); } |