(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
return LDB_ERR_NAMING_VIOLATION;
}
return LDB_ERR_NAMING_VIOLATION;
}
+ if (current->objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_asprintf_errstring(ldb, "objectClass %s is systemOnly, rejecting creation of %s",
+ current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
if (!ldb_msg_find_element(msg, "objectCategory")) {
value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
if (value == NULL) {
if (!ldb_msg_find_element(msg, "objectCategory")) {
value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
if (value == NULL) {
char *time_str;
int ret;
uint32_t i, ni=0;
char *time_str;
int ret;
uint32_t i, ni=0;
- int allow_add_guid=0;
- int remove_current_guid=0;
+ bool allow_add_guid = false;
+ bool remove_current_guid = false;
- /* check if there's a show deleted control */
+ /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
if (control) {
allow_add_guid = 1;
control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
if (control) {
allow_add_guid = 1;
}
/* we remove this attribute as it can be a string and will not be treated
correctly and then we will readd it latter on in the good format*/
}
/* we remove this attribute as it can be a string and will not be treated
correctly and then we will readd it latter on in the good format*/
- remove_current_guid = 1;
+ remove_current_guid = true;
}
} else {
/* a new GUID */
}
} else {
/* a new GUID */