From 1c71c096459da85b1e5276d8c315b05e7bc870fa Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 25 Sep 2009 08:34:33 -0700
Subject: s4:dsdb Don't allow creating of new objects with an isDefunct schema
 class

---
 source4/dsdb/samdb/ldb_modules/objectclass.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index ad14acbcf8..cc88d6b96d 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -138,7 +138,13 @@ static int objectclass_sort(struct ldb_module *module,
 		if (!current->objectclass) {
 			ldb_asprintf_errstring(ldb, "objectclass %.*s is not a valid objectClass in schema", 
 					       (int)objectclass_element->values[i].length, (const char *)objectclass_element->values[i].data);
-			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+			/* This looks weird, but windows apparently returns this for invalid objectClass values */
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		} else if (current->objectclass->isDefunct) {
+			ldb_asprintf_errstring(ldb, "objectclass %.*s marked as isDefunct objectClass in schema - not valid for new objects", 
+					       (int)objectclass_element->values[i].length, (const char *)objectclass_element->values[i].data);
+			/* This looks weird, but windows apparently returns this for invalid objectClass values */
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
 		}
 
 		/* this is the root of the tree.  We will start
-- 
cgit