Missing sambaAcctFlags after vampire

Don Watson dwwatson at us.ibm.com
Tue Aug 9 08:54:12 GMT 2005

I am running Samba Version 3.0.20rc1-SVN-build-8475 on SLES9.  After vampiring 
to an ldap backend from an NT4 domain, I discovered that some users are 
missing the sambaAcctFlags entry.  Specifically, those users created on the 
NT4 domain with the attribute "User Must Change Password at Next Logon" are 
missing the entry.

The reason appears to be in init_ldap_from_sam (passdb/pdb_ldap.c); 
need_update (which is really the IS_SAM_CHANGED macro) returns false in the 
above case.  This means no mod is set up, and the call to ldap 
(ldap_modify_s) does not add the sambaAcctFlags entry when creating the 

I have attached a patch with a simple fix, which is to remove the need_update 
check for PDB_ACCTCTRL in init_ldap_from_sam, thereby forcing the mod.  I 
have tested the fix and it does not seem to cause unwanted side effects.  
However, it may violate a conscious design decision of which I am unaware.

Of course, the whole problem could just be a case of user malfunction :-)  If 
so, let me know.
Don Watson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdb_ldap.c.patch
Type: text/x-diff
Size: 525 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050809/15aa537c/pdb_ldap.c.bin

More information about the samba-technical mailing list