
Resolution Date: 07/Jan/06 07:28 PM

Adding a duplicate attribute value to an entry with a single modify operation results in an invalid entry. After the operation it contains the parameter value twice. Hence someone is able to change this entry

dn: cn=Heather Nova,ou=system
objectClass: top
objectClass: person
cn: Heather Nova
sn: Nova

into an entry which looks like this:

dn: cn=Heather Nova,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: organizationalPerson
cn: Heather Nova
sn: Nova

Expected behavior is LDAP Error code: 20 (Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute). This is quite similar to DIREVE-241 ("Adding an already existing attribute value with a modify operation does not cause an error."). But in this case, the attribute value is not present before, but is created with a single modify operation with two add changes. OK, it is a little bit bizarre, but other LDAP servers successfully refuse such an operation.

Find attached a test case with two tests, one for an already existing attribute type, and one for a new type (the issue arises on both occasions).
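
The check the report expects, as an added example (not the server's code and not the attached test case): the changes of one modify request are applied in order to a working copy, so a value added by an earlier change already counts as existing for a later one. The function names, the `description` attribute and the case-insensitive value comparison are assumptions.

```python
ATTRIBUTE_OR_VALUE_EXISTS = 20  # LDAP result code named in the report

class LdapError(Exception):
    def __init__(self, code, message):
        super().__init__(f"LDAP error code {code}: {message}")
        self.code = code

def _norm(value):
    # Assumption: case-insensitive, trimmed matching for every attribute.
    # A real server applies the attribute type's EQUALITY matching rule.
    return value.strip().lower()

def apply_modify(entry, changes):
    """Apply (op, attr, values) changes in order; return the new entry.
    Raises LdapError and leaves `entry` untouched if a value would be stored twice."""
    work = {k.lower(): list(v) for k, v in entry.items()}  # keys are lower-cased
    for op, attr, values in changes:
        key = attr.lower()
        if op == "add":
            current = work.setdefault(key, [])
        elif op == "replace":
            current = work[key] = []
        else:
            raise ValueError(f"unsupported op: {op}")
        seen = {_norm(v) for v in current}  # includes values from earlier changes
        for v in values:
            if _norm(v) in seen:
                raise LdapError(ATTRIBUTE_OR_VALUE_EXISTS, f"{attr}: {v} already exists")
            seen.add(_norm(v))
            current.append(v)
    return work

def result_code(entry, changes):
    """Return 0 on success, otherwise the LDAP result code of the refusal."""
    try:
        apply_modify(entry, changes)
    except LdapError as e:
        return e.code
    return 0

# Entry from the report.
HEATHER = {"objectClass": ["top", "person"], "cn": ["Heather Nova"], "sn": ["Nova"]}
# The reported request: one modify operation with two add changes of the same value.
DUPLICATE_ADDS = [("add", "objectClass", ["organizationalPerson"]),
                  ("add", "objectClass", ["organizationalPerson"])]
# Constructed second case: the attribute type is not present on the entry before.
NEW_TYPE_ADDS = [("add", "description", ["singer"]), ("add", "description", ["singer"])]

if __name__ == "__main__":
    print(result_code(HEATHER, DUPLICATE_ADDS), result_code(HEATHER, NEW_TYPE_ADDS))
```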