s4:objectclass LDB module - the structural objectclass has always to be specified

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov  3 16:20:55 UTC 2010 on sn-devel-104

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 474e848c60a75ef12b0725d94ad425a4eafd7bca..9483d3e019c27a77eeec3afe93a10f2bfbeac6a2 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -518,6 +518,12 @@ static int objectclass_do_add(struct oc_context *ac)
                        talloc_free(mem_ctx);
                        return LDB_ERR_OBJECT_CLASS_VIOLATION;
                }
+               if (objectclass_element->num_values == 0) {
+                       ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, at least one (structural) objectclass has to be specified!",
+                                              ldb_dn_get_linearized(msg->dn));
+                       talloc_free(mem_ctx);
+                       return LDB_ERR_CONSTRAINT_VIOLATION;
+               }
 
                /* Here we do now get the "objectClass" list from the
                 * database. */

diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index e8bc62580784c5af58e7c52cf48dff3571ae828a..36c12a293087439f771ae21045af848d42f59abd 100755 (executable)
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -148,6 +148,15 @@ class BasicTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
+        # Invalid objectclass specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": [] })
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
         # Invalid objectclass specified
         try:
             self.ldb.add({
@@ -304,6 +313,16 @@ class BasicTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
 
+        # We cannot remove all object classes by an empty replace
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,