From f2a4158e0d9330bd4ed0379ec3e5385ad9c6540c Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sat, 21 Feb 2009 11:31:53 +0000
Subject: [PATCH] don't allow to add distinguished values when other values of
 naming attributes are already present (ITS#5965)

---
 servers/slapd/schema_check.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index b466613c47..e95b3625cd 100644
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -881,7 +881,7 @@ entry_naming_check(
 				SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
 				&ava->la_value, NULL, NULL );
 
-			if( rc != 0 ) {
+			if ( rc != 0 ) {
 				switch( rc ) {
 				case LDAP_INAPPROPRIATE_MATCHING:
 					snprintf( textbuf, textlen, 
@@ -895,8 +895,16 @@ entry_naming_check(
 					break;
 				case LDAP_NO_SUCH_ATTRIBUTE:
 					if ( add_naming ) {
-						add = 1;
-						rc = LDAP_SUCCESS;
+						if ( is_at_single_value( desc->ad_type ) ) {
+							snprintf( textbuf, textlen, 
+								"value of single-valued naming attribute '%s' conflicts with value present in entry",
+								ava->la_attr.bv_val );
+
+						} else {
+							add = 1;
+							rc = LDAP_SUCCESS;
+						}
+
 					} else {
 						snprintf( textbuf, textlen, 
 							"value of naming attribute '%s' is not present in entry",
-- 
2.39.5