ldb_tdb: Improve logging on unique index violation

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 76f3cb392e211a0c5f1b748a648ee99447125a6b..232bb4c16d91d6a2e4820c77514e93b1f1586a16 100644 (file)
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -1179,9 +1179,22 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
 
        if (list->count > 0 &&
            a->flags & LDB_ATTR_FLAG_UNIQUE_INDEX) {
-               talloc_free(list);
+               /*
+                * We do not want to print info about a possibly
+                * confidential DN that the conflict was with in the
+                * user-visible error string
+                */
+               ldb_debug(ldb, LDB_DEBUG_WARNING,
+                         __location__ ": unique index violation on %s in %s, "
+                         "conficts with %*.*s in %s",
+                         el->name, dn,
+                         (int)list->dn[0].length,
+                         (int)list->dn[0].length,
+                         list->dn[0].data,
+                         ldb_dn_get_linearized(dn_key));
                ldb_asprintf_errstring(ldb, __location__ ": unique index violation on %s in %s",
                                       el->name, dn);
+               talloc_free(list);
                return LDB_ERR_ENTRY_ALREADY_EXISTS;
        }