[Samba] Samba 3.0.24 handling LDAP responses incorrectly
Ryan Steele
rsteele at archer-group.com
Mon Apr 7 19:19:00 GMT 2008
Volker Lendecke wrote:
> On Mon, Apr 07, 2008 at 02:03:32PM -0400, Ryan Steele wrote:
>
>> #if defined(LDAP_CONSTRAINT_VIOLATION)
>> if (rc == LDAP_CONSTRAINT_VIOLATION)
>> return NT_STATUS_PASSWORD_RESTRICTION;
>> #endif
>>
>> ...to pdb_ldap.c didn't seem to change the behavior at all. I suspect
>> it's because LDAP_CONSTRAINT_VIOLATION isn't defined anywhere in my
>> 3.0.24 source, though I could certainly be wrong. I'm grabbing the
>> latest source from git to see where that's defined, but if anybody wants
>> to head me off at the pass with the information, it's certainly welcome.
>>
>
> If your LDAP libs don't have that define, you might try to
> use the value from OpenLDAP:
>
> #define LDAP_CONSTRAINT_VIOLATION 0x13
>
> Volker
>
It's not defined in my Samba source, but I guess that was the wrong
place to look. On my system, /usr/include/ldap.h does in fact have that
defined. However, Samba still returns NT_STATUS_UNSUCCESSFUL, and
Windows still reports that the password couldn't be changed because the
domain was unavailable... have I zigged where I should've zagged, or is
Samba not setting rc properly when it gets the response from LDAP?
Thanks,
Ryan
More information about the samba
mailing list