Password change and LDAP

Andrew Bartlett abartlet at
Tue Apr 6 09:06:50 GMT 2004

On Tue, Apr 06, 2004 at 10:49:45AM +0200, Pierre Filippone wrote:
> Hi,
> we use LDAP as passdb backend in the classic way: PDC using the LDAP 
> master,  BDC using the LDAP slave.
> We now face the problem, that after a password change the user gets an 
> "invalid credentials" message which is caused
> by the replication delay. I think this is a known issue. 
> I've read in the archive, that it might be possible to insert a small 
> delay somewhere in the code, i.e. 1 or 2 seconds, after user
> password change to avoid this error message. I know this should not be the 
> final solution, but has anybody already implemented this ?

Have you looked at 'ldap replicaiton sleep' 3.0.2a

> I looked into the code, but can't find the right place to insert the 
> delay.

Yes.  Just add it after the pdb_update_* call in chgpasswd.c

Andrew Bartlett

More information about the samba-technical mailing list