From 33bb063b053c24a84fdd13b866d1f80a964aeabf Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Sun, 15 Aug 2010 10:20:48 +0200
Subject: s4:password_hash LDB module - support this new password set syntax

---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index e90653f7ec..48d841b817 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2431,10 +2431,18 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 				++rep_attr_cnt;
 			}
 			if ((passwordAttr->num_values != 1) &&
-			    (passwordAttr->flags != LDB_FLAG_MOD_REPLACE)) {
+			    (passwordAttr->flags == LDB_FLAG_MOD_ADD)) {
 				talloc_free(ac);
 				ldb_asprintf_errstring(ldb,
-						       "'%s' attributes must have exactly one value!",
+						       "'%s' attribute must have exactly one value on add operations!",
+						       *l);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			if ((passwordAttr->num_values > 1) &&
+			    (passwordAttr->flags == LDB_FLAG_MOD_DELETE)) {
+				talloc_free(ac);
+				ldb_asprintf_errstring(ldb,
+						       "'%s' attribute must have zero or one value(s) on delete operations!",
 						       *l);
 				return LDB_ERR_CONSTRAINT_VIOLATION;
 			}
-- 
cgit