s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source3/libads/ldap.c

@@ -2120,6 +2120,15 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
 		goto done;
 	}
 
+	ret = ads_find_machine_acct(ads, &res, machine_escaped);
+	ads_msgfree(ads, res);
+	if (ADS_ERR_OK(ret)) {
+		DBG_DEBUG("Host account for %s already exists.\n",
+				machine_escaped);
+		ret = ADS_ERROR_LDAP(LDAP_ALREADY_EXISTS);
+		goto done;
+	}
+
 	new_dn = talloc_asprintf(ctx, "cn=%s,%s", machine_escaped, org_unit);
 	samAccountName = talloc_asprintf(ctx, "%s$", machine_name);
 
@@ -2155,7 +2164,6 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
 
 done:
 	SAFE_FREE(machine_escaped);
-	ads_msgfree(ads, res);
 	talloc_destroy(ctx);
 
 	return ret;