s4-dsdb Print clearer error messages when invalid account flags are specified on add
authorAndrew Bartlett <abartlet@samba.org>
Mon, 5 Sep 2011 01:08:20 +0000 (11:08 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 5 Sep 2011 01:25:38 +0000 (11:25 +1000)
source4/dsdb/common/util_samr.c

index b9663ef0ac81c79a3c9e0c547917dc611889560b..184dfd5f46d63c620be18304855e69163af268cf 100644 (file)
@@ -127,7 +127,16 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
                cn_name[cn_name_len - 1] = '\0';
                container = "OU=Domain Controllers";
                obj_class = "computer";
                cn_name[cn_name_len - 1] = '\0';
                container = "OU=Domain Controllers";
                obj_class = "computer";
+       } else if (acct_flags == ACB_DOMTRUST) {
+               DEBUG(3, ("Invalid account flags specified:  cannot create domain trusts via this interface (must use LSA CreateTrustedDomain calls\n"));
+               ldb_transaction_cancel(ldb);
+               talloc_free(tmp_ctx);
+               return NT_STATUS_INVALID_PARAMETER;
        } else {
        } else {
+               DEBUG(3, ("Invalid account flags specified 0x%08X, must be exactly one of \n"
+                         "ACB_NORMAL (0x%08X) ACB_WSTRUST (0x%08X) or ACB_SVRTRUST (0x%08X)\n",
+                         acct_flags,
+                         ACB_NORMAL, ACB_WSTRUST, ACB_SVRTRUST));
                ldb_transaction_cancel(ldb);
                talloc_free(tmp_ctx);
                return NT_STATUS_INVALID_PARAMETER;
                ldb_transaction_cancel(ldb);
                talloc_free(tmp_ctx);
                return NT_STATUS_INVALID_PARAMETER;