diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 94f9ad3ace5..57f81eaaaf0 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -305,6 +305,11 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -358,6 +363,11 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call, return ret; } + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -404,6 +414,11 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -451,6 +466,11 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret;