summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c4
-rwxr-xr-xsource4/dsdb/tests/python/ldap.py19
2 files changed, 13 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index d23031522d..e7e84b2e3b 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -269,6 +269,10 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac)
if (ret != LDB_SUCCESS) {
return ret;
}
+ } else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_set_errstring(ldb,
+ "The primary group isn't settable on add operations!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
}
sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index d2aeeb1a12..82b5de2147 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -1240,16 +1240,15 @@ objectClass: container
self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
# Try to Create a user with a valid primary group
-# TODO Some more investigation needed here
-# try:
-# ldb.add({
-# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
-# "primaryGroupID": str(group_rid_1)})
-# self.fail()
-# except LdbError, (num, _):
-# self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-# self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": ["user", "person"],
+ "primaryGroupID": str(group_rid_1)})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
# Test to see how we should behave when the user account doesn't
# exist