bug in interplay between SAMR_CREATE_USER and ldapsam

Brad Langhorst brad at langhorst.com
Fri May 14 02:14:42 GMT 2004

This bug is exposed when a client issues the RPC  SAMR_CREATE_USER

this command is routed to the 
_samr_create_user function in srv__samr__nt

About half way through the function it correctly calls the add machine
script - which creates a machine account in the ldap store.

after this call succeeds it calls pdb_add_sam_account
which gets routed to ldapsam_add_sam_account

ldapsam_add_sam_account immediately searches the ldap store for the user
it's going to create and returns an NT_STATUS_UNSUCCESSFUL because this
user was added to the ldap store by the add_machine script.

I don't know this code very well so I'm not sure if it is appropriate
for ldapsam_add_sam_account to return NT_STATUS_UNSUCCESSFUL - why not

it doesn't really matter because the struct sitting between the rpc area
and the pdb backends just returns


so all the errors get collapsed into one state and the caller wouldn't
be able do anything different anyway.

Is it reasonable for me to change that struct to return the actual
NT_STATUS code so the RPC code can do something different?

What about just returning NT_STATUS_OK from the user search?
what other code paths care about pre-existing users?


More information about the samba-technical mailing list