16027 – Samba-AD shouldn't accept creating a CN= with same name as OU= in the same OU

Bug 16027 - Samba-AD shouldn't accept creating a CN= with same name as OU= in the same OU

Summary: Samba-AD shouldn't accept creating a CN= with same name as OU= in the same OU

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.24.0rc*
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2026-03-11 10:39 UTC by Denis Cardon
Modified:	2026-03-11 21:23 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Cardon 2026-03-11 10:39:41 UTC

If one want to create a user entry with the same name as a OU, like for example:

CN=Users,DC=mydomain,DC=lan
OU=Users,DC=mydomain,DC=lan

Samba-AD allows to create such entries, but it is forbidden on a MS-AD. 

When creating a CN entry, Samba-AD should check that the corresponding names is not already used for a OU entry, and do the same check the other way around when creating a OU entry.