governsID = ldb_msg_find_ldb_val(req->op.add.message, "governsID");
if (attributeID) {
+ /* Sanity check for not allowed attributes */
+ if (ldb_msg_find_ldb_val(req->op.add.message, "msDS-IntId")) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
oid_attr = "attributeID";
oid = talloc_strndup(req, (const char *)attributeID->data, attributeID->length);
} else if (governsID) {
return ldb_next_request(module, req);
}
+static int schema_data_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ /* special objects should always go through */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* replicated update should always go through */
+ if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* msDS-IntId is not allowed to be modified */
+ if (ldb_msg_find_ldb_val(req->op.mod.message, "msDS-IntId")) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ /* go on with the call chain */
+ return ldb_next_request(module, req);
+}
+
static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
const struct dsdb_schema *schema)
{
.name = "schema_data",
.init_context = schema_data_init,
.add = schema_data_add,
+ .modify = schema_data_modify,
.search = schema_data_search
};