s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 8fade1027b77479cadbb54b4abfa5016af78cd7a..4f3d43b02b1c04ed80750bdb4ee78da6e3ae7b1d 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2120,6 +2120,15 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
                goto done;
        }
 
+       ret = ads_find_machine_acct(ads, &res, machine_escaped);
+       ads_msgfree(ads, res);
+       if (ADS_ERR_OK(ret)) {
+               DBG_DEBUG("Host account for %s already exists.\n",
+                               machine_escaped);
+               ret = ADS_ERROR_LDAP(LDAP_ALREADY_EXISTS);
+               goto done;
+       }
+
        new_dn = talloc_asprintf(ctx, "cn=%s,%s", machine_escaped, org_unit);
        samAccountName = talloc_asprintf(ctx, "%s$", machine_name);
 
@@ -2155,7 +2164,6 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
 
 done:
        SAFE_FREE(machine_escaped);
-       ads_msgfree(ads, res);
        talloc_destroy(ctx);
 
        return ret;