[PATCH] LDAP EXOP password change
Michael Gorven
michael at gorven.za.net
Sat Nov 1 21:49:33 GMT 2008
Hi
The option "ldap passwd sync = only" (which uses an LDAP extended operation
to change the password) has been broken for a while[1-3]. This means that
using the smbk5pwd module with OpenLDAP to keep Unix and Samba passwords
synchronised doesn't work.
I discovered that the password change requests sent by Samba had some extra
data at the end compared to those sent by ldappasswd. I then compared the
way in which Samba generated these packets and found a tiny difference in the
process.
The attached patch (which is deceptively simple) fixes the issue for me. I'm
using Samba 3.2.3 and OpenLDAP 2.4.9 on Ubuntu.
Michael
[1] http://lists.samba.org/archive/samba/2007-August/134436.html
[2] http://lists.samba.org/archive/samba/2007-July/133776.html
[3] http://lists.samba.org/archive/samba/2008-April/140083.html
--
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap-exop.diff
Type: text/x-patch
Size: 638 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20081101/59123691/ldap-exop.bin
More information about the samba-technical
mailing list