1) pdb_ldap allows mapping the same SID twice (with two distinct gids) while
creating/modifying a mapping. So we don't have exactly 1 SID <=> 1 GID. It
is impossible to delete such a mapping (mapped twice) after its creation.
2) pdb_ldap.c also allows using a gid that is already mapped while modifying a
mapping (there is no check).
Created attachment 375
Provides additional checks for pdb_ldap when creating/modifying group mapping entries
Verify if the SID involved in a new mapping is already used in another mapping
to avoid same SID mapped twice to different unix groups.
Verify if a gid specified while modifying an existing mapping is not involved
Also modified error messages to make them easier to understand.
Volker, I'll leave this for you to consider.
moving to 3.0
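
An added example, not part of the original report or of Samba's code: a read-only audit that finds the two conditions reported above (one SID mapped to several gids, one gid used by several mappings) in an LDIF export of the group entries. The attribute names assume the Samba 3 LDAP schema (sambaGroupMapping, sambaSID, gidNumber); the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample export. Attribute names assume the Samba 3 LDAP schema
# (objectClass sambaGroupMapping carrying sambaSID and gidNumber).
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: sambaGroupMapping
gidNumber: 1001
sambaSID: S-1-5-21-1-2-3-3003

dn: cn=staff-dup,ou=Groups,dc=example,dc=org
objectClass: sambaGroupMapping
gidNumber: 1002
sambaSID: S-1-5-21-1-2-3-3003

dn: cn=eng,ou=Groups,dc=example,dc=org
objectClass: sambaGroupMapping
gidNumber: 1002
sambaSID: S-1-5-21-1-2-3-3005

dn: cn=unmapped,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1002
"""

def parse_mappings(ldif_text):
    """Return (dn, sid, gid) per sambaGroupMapping entry (plain 'attr: value' lines only)."""
    mappings = []
    for block in ldif_text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not key.startswith("#"):
                attrs[key.lower()].append(value.strip())
        is_mapping = "sambagroupmapping" in (c.lower() for c in attrs["objectclass"])
        if is_mapping and attrs["sambasid"] and attrs["gidnumber"]:
            dn = (attrs["dn"] or ["<unknown>"])[0]
            mappings.append((dn, attrs["sambasid"][0], int(attrs["gidnumber"][0])))
    return mappings

def find_conflicts(mappings):
    """Report SIDs mapped to several gids and gids claimed by several SIDs."""
    by_sid, by_gid = defaultdict(set), defaultdict(set)
    for _dn, sid, gid in mappings:
        by_sid[sid].add(gid)
        by_gid[gid].add(sid)
    sid_conflicts = {s: sorted(g) for s, g in by_sid.items() if len(g) > 1}
    gid_conflicts = {g: sorted(s) for g, s in by_gid.items() if len(s) > 1}
    return sid_conflicts, gid_conflicts
```

Base64-encoded (`attr:: value`) and folded LDIF lines are not decoded by this parser, so export with line wrapping disabled before running it.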