linked attribute tests: test against duplicates in replace

We should not be able to introduce duplicate links using MOD_REPLACE.
It turns out we could and weren't testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/selftest/knownfail.d/ldap-linked-attributes b/selftest/knownfail.d/ldap-linked-attributes
new file mode 100644 (file)
index 0000000..5fa50e3
--- /dev/null
+++ b/selftest/knownfail.d/ldap-linked-attributes
@@ -0,0 +1,3 @@
+# linked attribute replacement isn't checking for duplicates.
+
+samba4.ldap.linked_attributes.python.*test_la_links_replace

diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py
index 6235bf77a8949860430b57e2b3f2260a2e37770e..705c9d5c0dbf6a5bc016735492f9c5984ca5883e 100644 (file)
--- a/source4/dsdb/tests/python/linked_attributes.py
+++ b/source4/dsdb/tests/python/linked_attributes.py
@@ -464,6 +464,16 @@ class LATests(samba.tests.TestCase):
         self.assert_back_links(u3, [g1])
         self.assert_back_links(u4, [])
 
+        try:
+            # adding u2 twice should be an error
+            self.replace_linked_attribute(g2, [u1, u2, u3, u2])
+        except ldb.LdbError as (num, msg):
+            if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
+                self.fail("adding duplicate values, expected "
+                          "ERR_ENTRY_ALREADY_EXISTS, (%d) "
+                          "got %d" % (ldb.ERR_ENTRY_ALREADY_EXISTS, num))
+        else:
+            self.fail("replacing duplicate values succeeded when it shouldn't")
 
     def test_la_links_replace2(self):
         users = self.add_objects(12, 'user', 'u_replace2')