s4-dsdb Print clearer error messages when invalid account flags are specified on add

diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index b9663ef0ac81c79a3c9e0c547917dc611889560b..184dfd5f46d63c620be18304855e69163af268cf 100644 (file)
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -127,7 +127,16 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
                cn_name[cn_name_len - 1] = '\0';
                container = "OU=Domain Controllers";
                obj_class = "computer";
                cn_name[cn_name_len - 1] = '\0';
                container = "OU=Domain Controllers";
                obj_class = "computer";

+       } else if (acct_flags == ACB_DOMTRUST) {
+               DEBUG(3, ("Invalid account flags specified:  cannot create domain trusts via this interface (must use LSA CreateTrustedDomain calls\n"));
+               ldb_transaction_cancel(ldb);
+               talloc_free(tmp_ctx);
+               return NT_STATUS_INVALID_PARAMETER;

        } else {
        } else {

+               DEBUG(3, ("Invalid account flags specified 0x%08X, must be exactly one of \n"
+                         "ACB_NORMAL (0x%08X) ACB_WSTRUST (0x%08X) or ACB_SVRTRUST (0x%08X)\n",
+                         acct_flags,
+                         ACB_NORMAL, ACB_WSTRUST, ACB_SVRTRUST));

                ldb_transaction_cancel(ldb);
                talloc_free(tmp_ctx);
                return NT_STATUS_INVALID_PARAMETER;
                ldb_transaction_cancel(ldb);
                talloc_free(tmp_ctx);
                return NT_STATUS_INVALID_PARAMETER;