samba4 pasword change from external app

Michael Ströder michael at
Tue Aug 11 14:49:39 MDT 2009

Volker Lendecke wrote:
> On Tue, Aug 11, 2009 at 02:41:21PM +0200, Michael Ströder wrote:
>> Tine Mezgec wrote:
>>> I was wondering what's the proper way for an external service to change a
>>> password that is stored in an openldap backend for s4.
>>> Can I just compute the hash (how?) for unicodePwd and put it in s4s
>>> openldap or is there a better way to do it?
>> If you access the LDAP port served by smbd you should be able to do the same
>> LDAP operations like described in this MSDN knowledge base article:
>> If not, then it's a bug in Samba4.
> Well, the first version (delete old -> add new unicodePw)
> does not work. By your definition, this would be a bug then?

Not by my definition. ;-)

It's a bug by the explicit project goal that Samba4 is completely compatible
to recent MS AD. This requires MOD_DEL/MOD_ADD for the user changing his own
password by modifying unicodePwd in his entry via LDAP. MS AD refuses to
process MOD_REPLACE if the user changes his own password.

Ciao, Michael.

More information about the samba-technical mailing list