passdb/pdb_ldap.c
Thierry Lacoste
lacoste at miage.univ-paris12.fr
Sat Aug 18 20:00:42 GMT 2007
Hello,
In ldapsam_modify_entry I read:
if (!mods) {
DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
/* may be password change below however */
It appears to me that ldapsam_modify_entry is never called with a NULL mods.
The problem is that ldapsam_update_sam_account returns when mods is NULL
therefore it does not change the LDAP password.
I have the impression that this (plus the fact that pdb_set_pass_changed_now
has been dropped form pdb_get_set.c) explains that ldap passwd sync = only is
not working.
Please correct me if I'm wrong.
The following patch for 3.0.25 provides a (very rough) workaround
but I'm sure there is a much better fix.
Regards,
Thierry.
--- source/passdb/pdb_ldap.c Sat Aug 18 19:49:09 2007
+++ source/passdb/pdb_ldap.c.orig Sat Aug 18 19:51:58 2007
@@ -1792,7 +1792,7 @@
return NT_STATUS_UNSUCCESSFUL;
}
- if (mods == NULL) {
+ if ((mods == NULL) && (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY))
{
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing
to
update for user: %s\n",
pdb_get_username(newpwd)));
SAFE_FREE(dn);
More information about the samba-technical
mailing list