passdb/pdb_ldap.c

Thierry Lacoste lacoste at miage.univ-paris12.fr
Sat Aug 18 20:00:42 GMT 2007


Hello,

In ldapsam_modify_entry I read:

	if (!mods) {
		DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
		/* may be password change below however */

It appears to me that ldapsam_modify_entry is never called with a NULL mods.
The problem is that ldapsam_update_sam_account returns when mods is NULL
therefore it does not change the LDAP password.
I have the impression that this (plus the fact that pdb_set_pass_changed_now
has been dropped from pdb_get_set.c) explains that ldap passwd sync = only is
not working.

Please correct me if I'm wrong.

The following patch for 3.0.25 provides a (very rough) workaround
but I'm sure there is a much better fix.

Regards,
Thierry.

--- source/passdb/pdb_ldap.c    Sat Aug 18 19:49:09 2007
+++ source/passdb/pdb_ldap.c.orig       Sat Aug 18 19:51:58 2007
@@ -1792,7 +1792,7 @@
                return NT_STATUS_UNSUCCESSFUL;
        }

-       if (mods == NULL) {
+       if ((mods == NULL) && (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) 
{
                DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing 
to
update for user: %s\n",
                         pdb_get_username(newpwd)));
                SAFE_FREE(dn);
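
Review bot: The new test `(mods == NULL) && (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)` skips the early return on every update with empty mods once `ldap passwd sync = only` is set, whether or not a password change is actually pending, so the function continues past this block with a NULL mods even when there is nothing to do. It would be tighter to bypass the return only when the account being updated carries a changed password, and to keep the "nothing to update" exit for all other cases. Separately, the file headers name pdb_ldap.c.orig as the new file although the `+` line holds the modified condition, and the mailer has wrapped the opening `{` and the DEBUG string onto extra lines, so the hunk will not apply as posted. Regenerating it with the original file first and sending it as an attachment would fix both.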


