From 131be8da0fa2db11b91cb08a182a524832db1d41 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Sat, 19 Jun 2010 19:33:16 +0200
Subject: s4:instancetype LDB module - "instanceType" is single-valued -
 MS-ADTS 3.1.1.5.2.2

---
 source4/dsdb/samdb/ldb_modules/instancetype.c | 14 ++++++++++++--
 source4/lib/ldb/tests/python/ldap.py          |  9 +++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 4ed906f362..f71a8d3948 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -84,6 +84,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 	struct ldb_context *ldb;
 	struct ldb_request *down_req;
 	struct ldb_message *msg;
+	struct ldb_message_element *el;
 	struct it_context *ac;
 	uint32_t instance_type;
 	int ret;
@@ -97,8 +98,17 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
-	if (ldb_msg_find_element(req->op.add.message, "instanceType")) {
-		unsigned int instanceType = ldb_msg_find_attr_as_uint(req->op.add.message, "instanceType", 0);
+	el = ldb_msg_find_element(req->op.add.message, "instanceType");
+	if (el != NULL) {
+		unsigned int instanceType;
+
+		if (el->num_values != 1) {
+			ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute is single-valued!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		instanceType = ldb_msg_find_attr_as_uint(req->op.add.message,
+							 "instanceType", 0);
 		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
 			return ldb_next_request(module, req);		
 		}
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 40cbb9feb3..db1a47ce64 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -652,6 +652,15 @@ class BasicTests(unittest.TestCase):
         """Tests the 'instanceType' attribute"""
         print "Tests the 'instanceType' attribute"""
 
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "instanceType": ["0", "1"]})
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
         self.ldb.add({
              "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
              "objectclass": "group"})
-- 
cgit