[PATCH] LDAP PASSWD SYNC v02
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Aug 2 02:38:02 GMT 2002
Hi Andrew,
here's the patch...
It adds a new parameter to smb.conf 'ldap passwd sync = Yes | No | Only':
Yes -> try to update the password on the LDAP-Server via extended operations.
No -> didn't try to update the passwd
Only -> This only the Passchange via extended operations is done.
and lmPassword, ntPassword, pwdLastSet are not updated/added
this is only availible if the ldap libs support LDAP_EXOP_X_MODIFY_PASSWD.
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
-------------- next part --------------
diff -Npur --exclude=CVS HEAD/source/include/smb.h HEAD-pdb/source/include/smb.h
--- HEAD/source/include/smb.h Thu Aug 1 07:25:08 2002
+++ HEAD-pdb/source/include/smb.h Thu Aug 1 10:11:05 2002
@@ -1375,6 +1375,9 @@ enum schema_types {SCHEMA_COMPAT, SCHEMA
/* LDAP SSL options */
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+/* LDAP PASSWD SYNC methods */
+enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
+
/* Remote architectures we know about. */
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
diff -Npur --exclude=CVS HEAD/source/param/loadparm.c HEAD-pdb/source/param/loadparm.c
--- HEAD/source/param/loadparm.c Thu Aug 1 07:25:09 2002
+++ HEAD-pdb/source/param/loadparm.c Thu Aug 1 10:57:08 2002
@@ -205,11 +205,13 @@ typedef struct
int iLockSpinTime;
char *szLdapMachineSuffix;
char *szLdapUserSuffix;
- int ldap_port;
int ldap_ssl;
char *szLdapSuffix;
char *szLdapFilter;
char *szLdapAdminDn;
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ int ldap_passwd_sync;
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
BOOL bMsAddPrinterWizard;
BOOL bDNSproxy;
BOOL bWINSsupport;
@@ -590,6 +592,20 @@ static struct enum_list enum_ldap_ssl[]
{-1, NULL}
};
+static struct enum_list enum_ldap_passwd_sync[] = {
+ {LDAP_PASSWD_SYNC_ON, "Yes"},
+ {LDAP_PASSWD_SYNC_ON, "yes"},
+ {LDAP_PASSWD_SYNC_ON, "on"},
+ {LDAP_PASSWD_SYNC_ON, "On"},
+ {LDAP_PASSWD_SYNC_OFF, "no"},
+ {LDAP_PASSWD_SYNC_OFF, "No"},
+ {LDAP_PASSWD_SYNC_OFF, "off"},
+ {LDAP_PASSWD_SYNC_OFF, "Off"},
+ {LDAP_PASSWD_SYNC_ONLY, "Only"},
+ {LDAP_PASSWD_SYNC_ONLY, "only"},
+ {-1, NULL}
+};
+
/* Types of machine we can announce as. */
#define ANNOUNCE_AS_NT_SERVER 1
#define ANNOUNCE_AS_WIN95 2
@@ -968,6 +984,9 @@ static struct parm_struct parm_table[] =
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ {"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, 0},
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
@@ -1334,6 +1353,9 @@ static void init_globals(void)
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_ON;
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@@ -1543,6 +1565,9 @@ FN_GLOBAL_STRING(lp_ldap_user_suffix, &G
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
diff -Npur --exclude=CVS HEAD/source/include/smb.h HEAD-pdb/source/include/smb.h
--- HEAD/source/include/smb.h Thu Aug 1 07:25:08 2002
+++ HEAD-pdb/source/include/smb.h Fri Aug 2 09:28:01 2002
@@ -652,7 +652,7 @@ typedef struct sam_passwd
DATA_BLOB lm_pw; /* .data is Null if no password */
DATA_BLOB nt_pw; /* .data is Null if no password */
- DATA_BLOB plaintext_pw; /* .data is Null if not available */
+ char* plaintext_pw; /* is Null if not available */
uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
uint32 unknown_3; /* 0x00ff ffff */
@@ -1374,6 +1374,9 @@ enum schema_types {SCHEMA_COMPAT, SCHEMA
/* LDAP SSL options */
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+
+/* LDAP PASSWD SYNC methods */
+enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
/* Remote architectures we know about. */
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
diff -Npur --exclude=CVS HEAD/source/passdb/passdb.c HEAD-pdb/source/passdb/passdb.c
--- HEAD/source/passdb/passdb.c Thu Aug 1 07:25:09 2002
+++ HEAD-pdb/source/passdb/passdb.c Fri Aug 2 11:30:47 2002
@@ -75,11 +75,19 @@ static void pdb_fill_default_sam(SAM_ACC
user->private.workstations = "";
user->private.unknown_str = "";
user->private.munged_dial = "";
+
+ user->private.plaintext_pw = NULL;
+
}
static void destroy_pdb_talloc(SAM_ACCOUNT **user)
{
if (*user) {
+ data_blob_clear_free(&((*user)->private.lm_pw));
+ data_blob_clear_free(&((*user)->private.nt_pw));
+
+ if((*user)->private.plaintext_pw!=NULL)
+ memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw));
talloc_destroy((*user)->mem_ctx);
*user = NULL;
}
@@ -283,7 +291,8 @@ static void pdb_free_sam_contents(SAM_AC
data_blob_clear_free(&(user->private.lm_pw));
data_blob_clear_free(&(user->private.nt_pw));
- data_blob_clear_free(&(user->private.plaintext_pw));
+ if (user->private.plaintext_pw!=NULL)
+ memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
}
diff -Npur --exclude=CVS HEAD/source/passdb/pdb_get_set.c HEAD-pdb/source/passdb/pdb_get_set.c
--- HEAD/source/passdb/pdb_get_set.c Wed Jul 24 07:57:11 2002
+++ HEAD-pdb/source/passdb/pdb_get_set.c Fri Aug 2 10:31:40 2002
@@ -151,7 +151,7 @@ const uint8* pdb_get_lanman_passwd (cons
const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
{
if (sampass) {
- return ((char*)sampass->private.plaintext_pw.data);
+ return (sampass->private.plaintext_pw);
}
else
return (NULL);
@@ -956,14 +956,24 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT
below)
********************************************************************/
-BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len)
+BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
{
if (!sampass)
return False;
- data_blob_clear_free(&sampass->private.plaintext_pw);
-
- sampass->private.plaintext_pw = data_blob(password, len);
+ if (password) {
+ if (sampass->private.plaintext_pw!=NULL)
+ memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1);
+ sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, password);
+
+ if (!sampass->private.plaintext_pw) {
+ DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
+ return False;
+ }
+
+ } else {
+ sampass->private.plaintext_pw = NULL;
+ }
return True;
}
@@ -1062,7 +1072,10 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOU
if (!pdb_set_lanman_passwd (sampass, new_lanman_p16))
return False;
-
+
+ if (!pdb_set_plaintext_pw_only (sampass, plaintext))
+ return False;
+
if (!pdb_set_pass_changed_now (sampass))
return False;
diff -Npur --exclude=CVS HEAD/source/passdb/pdb_ldap.c HEAD-pdb/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c Tue Jul 30 10:39:13 2002
+++ HEAD-pdb/source/passdb/pdb_ldap.c Fri Aug 2 11:02:05 2002
@@ -1,11 +1,12 @@
/*
Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
- Copyright (C) Gerald Carter 2001
- Copyright (C) Shahms King 2001
- Copyright (C) Jean Fran?ois Micouleau 1998
- Copyright (C) Andrew Bartlett 2002
-
+ Copyright (C) Jean Fran?ois Micouleau 1998
+ Copyright (C) Gerald Carter 2001
+ Copyright (C) Shahms King 2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@@ -158,7 +159,8 @@ static const char *attr[] = {"uid", "pwd
******************************************************************/
static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct)
{
-
+ int version;
+
if (geteuid() != 0) {
DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n"));
return False;
@@ -171,6 +173,16 @@ static BOOL ldapsam_open_connection (str
DEBUG(0, ("ldap_initialize: %s\n", strerror(errno)));
return (False);
}
+
+ if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
+ {
+ if (version != LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+ }
+ }
+
#else
/* Parse the string manually */
@@ -179,7 +191,6 @@ static BOOL ldapsam_open_connection (str
int rc;
int tls = LDAP_OPT_X_TLS_HARD;
int port = 0;
- int version;
fstring protocol;
fstring host;
const char *p = ldap_state->uri;
@@ -409,7 +420,7 @@ static int ldapsam_search_one_user (stru
DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, attr, 0, result);
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n",
@@ -932,9 +943,6 @@ static BOOL init_ldap_from_sam (struct l
slprintf(temp, sizeof(temp) - 1, "%i", rid);
make_a_mod(mods, ldap_op, "primaryGroupID", temp);
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
- make_a_mod(mods, ldap_op, "pwdLastSet", temp);
-
/* displayName, cn, and gecos should all be the same
* most easily accomplished by giving them the same OID
* gecos isn't set here b/c it should be handled by the
@@ -977,6 +985,7 @@ static BOOL init_ldap_from_sam (struct l
make_a_mod(mods, ldap_op, "kickoffTime", temp);
}
+
if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
make_a_mod(mods, ldap_op, "pwdCanChange", temp);
@@ -987,13 +996,26 @@ static BOOL init_ldap_from_sam (struct l
make_a_mod(mods, ldap_op, "pwdMustChange", temp);
}
- /* FIXME: Hours stuff goes in LDAP */
- pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "lmPassword", temp);
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ if (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)
+ {
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
+
+ pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "lmPassword", temp);
- pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "ntPassword", temp);
+ pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "ntPassword", temp);
+ slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+ make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ }
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
+
+ /* FIXME: Hours stuff goes in LDAP */
+
make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
NEW_PW_FORMAT_SPACE_PADDED_LEN));
@@ -1018,18 +1040,19 @@ static uint32 check_nua_rid_is_avail(str
if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
- final_rid = 0;
ldap_msgfree(result);
+ return 0;
}
if (ldap_count_entries(ldap_struct, result) != 0)
{
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
- final_rid = 0;
ldap_msgfree(result);
+ return 0;
}
DEBUG(5, ("NUA RID %d (0x%x), declared valid\n", final_rid, final_rid));
+ ldap_msgfree(result);
return final_rid;
}
@@ -1081,7 +1104,7 @@ static uint32 search_top_nua_rid(struct
DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
- LDAP_SCOPE_SUBTREE, final_filter, attr, 0,
+ LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0,
&result);
if (rc != LDAP_SUCCESS)
@@ -1179,7 +1202,7 @@ static BOOL ldapsam_setsampwent(struct p
all_string_sub(filter, "%u", "*", sizeof(pstring));
rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attr, 0,
+ LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0,
&ldap_state->result);
if (rc != LDAP_SUCCESS)
@@ -1361,6 +1384,100 @@ static BOOL ldapsam_getsampwsid(struct p
return ldapsam_getsampwrid(my_methods, user, rid);
}
+static BOOL ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op)
+{
+ int version;
+ int rc;
+
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
+ if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS)
+ {
+ char *ld_error;
+ ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(0,
+ ("failed to add user with uid = %s with: %s\n\t%s\n",
+ pdb_get_username(newpwd), ldap_err2string(rc),
+ ld_error));
+ free(ld_error);
+ return False;
+ }
+ break;
+ case LDAP_MOD_REPLACE:
+ if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS)
+ {
+ char *ld_error;
+ ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(0,
+ ("failed to modify user with uid = %s with: %s\n\t%s\n",
+ pdb_get_username(newpwd), ldap_err2string(rc),
+ ld_error));
+ free(ld_error);
+ return False;
+ }
+ break;
+ default:
+ DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
+ return False;
+ }
+
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ if (ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
+ {
+ if (version != LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+ }
+ }
+
+ if ((lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&&(pdb_get_plaintext_passwd(newpwd)!=NULL))
+ {
+ BerElement *ber;
+ struct berval *bv;
+ char *retoid;
+ struct berval *retdata;
+
+ if ((ber = ber_alloc_t(LBER_USE_DER))==NULL)
+ {
+ DEBUG(0,("ber_alloc_t returns NULL\n"));
+ return False;
+ }
+ ber_printf (ber, "{");
+ ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn);
+ ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, pdb_get_plaintext_passwd(newpwd));
+ ber_printf (ber, "N}");
+
+ if ((rc = ber_flatten (ber, &bv))<0)
+ {
+ DEBUG(0,("ber_flatten returns a value <0\n"));
+ return False;
+ }
+
+ ber_free(ber,1);
+
+ if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD,
+ bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS)
+ {
+ DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
+ pdb_get_username(newpwd),ldap_err2string(rc)));
+ } else {
+ DEBUG(3,("LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
+
+ ber_bvfree(retdata);
+ ber_memfree(retoid);
+ }
+ ber_bvfree(bv);
+ }
+#else
+ DEBUG(10,("LDAP PASSWORD SYNC is not supported!\n"));
+#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
+ return True;
+}
+
/**********************************************************************
Delete entry from LDAP for username
*********************************************************************/
@@ -1402,7 +1519,8 @@ static BOOL ldapsam_delete_sam_account(s
entry = ldap_first_entry (ldap_struct, result);
dn = ldap_get_dn (ldap_struct, entry);
-
+ ldap_msgfree(result);
+
rc = ldap_delete_s (ldap_struct, dn);
ldap_memfree (dn);
@@ -1463,23 +1581,18 @@ static BOOL ldapsam_update_sam_account(s
entry = ldap_first_entry(ldap_struct, result);
dn = ldap_get_dn(ldap_struct, entry);
-
- rc = ldap_modify_s(ldap_struct, dn, mods);
-
- if (rc != LDAP_SUCCESS)
+ ldap_msgfree(result);
+
+ if (!ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE))
{
- char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
- &ld_error);
- DEBUG(0,
- ("failed to modify user with uid = %s with: %s\n\t%s\n",
- pdb_get_username(newpwd), ldap_err2string(rc),
- ld_error));
- free(ld_error);
+ DEBUG(0,("failed to modify user with uid = %s\n",
+ pdb_get_username(newpwd)));
+ ldap_mods_free(mods,1);
ldap_unbind(ldap_struct);
return False;
}
+
DEBUG(2,
("successfully modified uid = %s in the LDAP database\n",
pdb_get_username(newpwd)));
@@ -1502,7 +1615,7 @@ static BOOL ldapsam_add_sam_account(stru
LDAPMod **mods = NULL;
int ldap_op;
uint32 num_result;
-
+
const char *username = pdb_get_username(newpwd);
if (!username || !*username) {
DEBUG(0, ("Cannot add user without a username!\n"));
@@ -1574,26 +1687,15 @@ static BOOL ldapsam_add_sam_account(stru
}
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- if (ldap_op == LDAP_MOD_REPLACE) {
- rc = ldap_modify_s(ldap_struct, dn, mods);
- }
- else {
- rc = ldap_add_s(ldap_struct, dn, mods);
- }
-
- if (rc != LDAP_SUCCESS)
+ if (!ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op))
{
- char *ld_error;
-
- ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(0,("failed to modify/add user with uid = %s (dn = %s) with: %s\n\t%s\n",
- pdb_get_username(newpwd), dn, ldap_err2string (rc), ld_error));
- free(ld_error);
- ldap_mods_free(mods, 1);
+ DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
+ pdb_get_username(newpwd),dn));
+ ldap_mods_free(mods,1);
ldap_unbind(ldap_struct);
return False;
}
-
+
DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
ldap_unbind(ldap_struct);
More information about the samba-technical
mailing list