help with pwd can/must change LDAP attributes

Ignacio Coupeau icoupeau at
Mon Jul 12 10:45:59 GMT 1999

A bit late, but...

Charles Owens wrote:
>    * When logging in, I'm told my password has expired, and prompted to
>      change the password.
>    * I can actually change the password! ...either in this dialog or the
>      other usual means (at least the SMB-side of things... I'm having
>      trouble with the UNIX password sync functionality)... this despite
>      what is reported in usrmgr.exe.

with ldapmodify try something like:
dn: uid=037148, o=SMB-Universidad de Navarra, c=ES
changetype: modify
replace: pwdMustChange
pwdMustChange: FFFFFFFF

for me it works.
The time format is hexadecimal set with strtol(tmestr,NULL,16)...
	timestr: the string contains your input at dialog box
	NULL: pointer to string not parsed
	16: the base (hex)

look at passdb/sampassldap.c ldap_[read|save]_time

I tested with "pwdMustChange: FFFFFFFF" and "pwdMustChange: 00000000"
and runs.

Ignacio Coupeau, Ph.D.     e-mail: icoupeau at
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN  

More information about the samba-ntdom mailing list