With Samba it's possible to create an organizationalUnit with the same name as the CN of a user or a group. This results in non-unique "name" attributes and MUST be forbidden. A Windows AD controller also does not allow this. This bug was found by Harry; I'll cc him here.
Using ldbedit against w2k16:

Adding a new user "ou2", where an OU with the same name exists, results in this reply:

failed to add CN=ou2,OU=test-ou,DC=wdom2,DC=site - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: UpdErr: DSID-030503C4, problem 6005 (ENTRY_EXISTS), data 0 > <>

Adding a new OU "foo1", where a user with the same name exists, results in this reply:

failed to add OU=foo1,OU=test-ou,DC=wdom2,DC=site - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: UpdErr: DSID-030503C4, problem 6005 (ENTRY_EXISTS), data 0 > <>

This is what Samba should also return here. Samba currently allows creating those objects without throwing an error.
As noted, in Windows AD, the uniqueness constraint is on the RDN value, not the full RDN. This is going to be really tricky to fix, not because of the extra LDB behaviour (not too hard really, just a new unique index), but because we will need to enforce this after an upgrade, and there may be a DB out there with these duplicates already. Is this something you are looking to fix, or is this just a note so we have a place to start if somebody had the time?
I mainly added this to collect information here. If you (or someone else) want to look into it, that would be very much appreciated.
*** Bug 15187 has been marked as a duplicate of this bug. ***
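Added example, not part of the bug thread and not Samba code: a pre-upgrade audit that takes a list of DNs exported from a directory and reports sibling entries whose RDN values collide regardless of RDN attribute type (CN vs OU), which is the condition this bug describes. The function names, the case-insensitive comparison of the value, and the sample DNs beyond the two quoted in the thread are assumptions made for illustration.

```python
from collections import defaultdict

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (backslash escapes kept)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair intact, e.g. "\,"
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts

def find_rdn_value_collisions(dns):
    """Return {(parent_dn, rdn_value): [dn, ...]} for siblings sharing an RDN value.

    The RDN attribute type is ignored on purpose: CN=ou2 and OU=ou2 under the
    same parent both produce name "ou2". Values are compared case-insensitively
    (assumption about how the "name" attribute is matched).
    """
    groups = defaultdict(list)
    for dn in dns:
        rdns = split_dn(dn)
        _attr, _, value = rdns[0].partition("=")
        parent = ",".join(rdns[1:]).lower()
        groups[(parent, value.strip().lower())].append(dn)
    return {key: members for key, members in groups.items() if len(members) > 1}

# Constructed sample input: the first and third DN appear in the thread,
# the rest are invented to exercise the check.
SAMPLE_DNS = [
    "CN=ou2,OU=test-ou,DC=wdom2,DC=site",
    "OU=ou2,OU=test-ou,DC=wdom2,DC=site",
    "OU=foo1,OU=test-ou,DC=wdom2,DC=site",
    "CN=Foo1,OU=test-ou,DC=wdom2,DC=site",
    "CN=ou2,OU=other,DC=wdom2,DC=site",          # same value, different parent
    "CN=Smith\\, John,OU=test-ou,DC=wdom2,DC=site",  # escaped comma in RDN
]

if __name__ == "__main__":
    for (parent, value), members in find_rdn_value_collisions(SAMPLE_DNS).items():
        print(f"duplicate name {value!r} under {parent}:")
        for dn in members:
            print("   ", dn)
```

Feeding it the `dn:` values from an LDIF dump of the domain partition shows whether a database already holds duplicates that a new uniqueness check would reject after an upgrade.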