modifyTimestamp on samba-3.0.3

Jim McDonough jmcd at
Thu May 6 11:27:32 GMT 2004

>We cannot remove the \"modifyTimestamop\" from atrrib_map_v30[], because
>attribute list will be used in ldapsam_getsampwnam to get the ldap entry
>which is used in init_sam_from_ldap. If an attribute is not in that entry,

>the call ldap_get_values will fail. This is why the bad_password_count
>work on 3.0.3, in which the ldapsam_get_entry_timestamp will always fail.
I haven't yet verified that this is the source of your problems, but the
patch you included breaks all systems where you don't have "ldap delete dn
= yes", because we will try to delete all the attributes rather than the
entire dn, and you can _never_ delete an operation attribute.

This patch as submitted must not be included until the code is modified to
handle not deleting certain attributes.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list