From 1949864417f3d10fb8996df7db259649eb777271 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 7 Jun 2010 20:46:59 +0200 Subject: s4:objectclass_attrs LDB module - move the single-valued attribute check into this module It seems to me more consistent (and also to keep the same behaviour on all backends). Also the DRS hack should therefore not be needed anymore since the "repl_meta_data" module launches requests behind "objectclass_attrs". --- source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index 042d26b981..5b76a0b946 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -180,7 +180,7 @@ static int attr_handler2(struct oc_context *ac) } /* Check if all specified attributes are valid in the given - * objectclasses. */ + * objectclasses and if they meet additional schema restrictions. */ msg = ac->search_res->message; for (i = 0; i < msg->num_elements; i++) { attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, @@ -189,6 +189,18 @@ static int attr_handler2(struct oc_context *ac) return LDB_ERR_OPERATIONS_ERROR; } + /* Check if they're single-valued if this is requested */ + if ((msg->elements[i].num_values > 1) && (attr->isSingleValued)) { + ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' is single-valued!", + msg->elements[i].name, + ldb_dn_get_linearized(msg->dn)); + if (ac->req->operation == LDB_ADD) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } else { + return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; + } + } + /* We can use "str_list_check" with "strcmp" here since the * attribute informations from the schema are always equal * up-down-cased. */ -- cgit