Comment 3 for bug 999594

I've looked at this a bit. The second grant is never created as far as I can see.

For the kvs and sql backends, it's all working fine because we use sets to make sure we don't duplicate grants. The ldap backend, however, raises an exception.Error. So whatever we do, we should make things consistent.

I guess returning a 409 error makes some sense.