If you create a object with the same DN like an existing one, there is displayed an error message "not enough memory". This is'nt very meaningful.
I've reproduced the issue, but I need to do more to figure out what the correct response is here. We may need the extended LDAP error responses.
Andrew, I saw you enhanced the error message. What do you think is the best way to do with this issue? Would you leave that and close the bug or are you going to change it another time?
The fix is to rework our LDAP error returns to include AD's extended error information. I don't know when we will get to that...
Look here for a proposed fix.
This looks *really* good. The only thing that I would ask is that you include a torture suite for it. Use LDB to connect to a server, and try and make a few 'prohibited' modifications, and assert that we get the right error string in the reply. That way, we won't break this important functionality in the future. Thanks!
Updated URL
Those error messages "Not enough memory" should be gone. Unfortunately, we can't and don't follow the exact Windows Server LDAP behaviour (more error messages/codes, tests and checks performed in a different order...). So we have often slightly different error codes between SAMBA 4 and Windows Server for the same problem. But this bug should be fixed.