samba4 password change from external app

Michael Ströder michael at stroeder.com
Tue Aug 11 14:49:39 MDT 2009


Volker Lendecke wrote:
> On Tue, Aug 11, 2009 at 02:41:21PM +0200, Michael Ströder wrote:
>> Tine Mezgec wrote:
>>> I was wondering what's the proper way for an external service to change a
>>> password that is stored in an openldap backend for s4.
>>>
>>> Can I just compute the hash (how?) for unicodePwd and put it in s4's
>>> openldap or is there a better way to do it?
>> If you access the LDAP port served by smbd you should be able to do the same
>> LDAP operations like described in this MSDN knowledge base article:
>>
>> http://support.microsoft.com/kb/269190
>>
>> If not, then it's a bug in Samba4.
> 
> Well, the first version (delete old -> add new unicodePwd)
> does not work. By your definition, this would be a bug then?

Not by my definition. ;-)

It's a bug by the explicit project goal that Samba4 is completely compatible
with recent MS AD. This requires MOD_DEL/MOD_ADD for the user changing his own
password by modifying unicodePwd in his entry via LDAP. MS AD refuses to
process MOD_REPLACE if the user changes his own password.

Ciao, Michael.
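
The two modify shapes discussed above, as an added example that is not part of the original thread or of Samba's code: it builds the LDIF for a self-service change (MOD_DEL of the old value plus MOD_ADD of the new one) next to an administrative reset (MOD_REPLACE). The function names, the sample DN and the passwords are constructed; it assumes the value format Active Directory expects for unicodePwd (the password in double quotes, UTF-16LE encoded) and that the request is sent over an encrypted LDAP connection.

```python
import base64

def encode_unicode_pwd(password: str) -> bytes:
    """unicodePwd value: the password in double quotes, encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")

def _attr(name: str, value: str) -> str:
    # Plain "name: value" only for LDIF-safe strings; anything else
    # (newlines, non-ASCII, leading space/colon) is base64-encoded so a
    # caller-supplied DN cannot smuggle extra LDIF lines into the request.
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def _pwd(password: str) -> str:
    # Binary attribute value, so always the base64 ("::") form.
    encoded = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return f"unicodePwd:: {encoded}"

def self_change_ldif(user_dn: str, old_password: str, new_password: str) -> str:
    """User changing their own password: one modify request that deletes
    the old value and adds the new one. The server checks the old value."""
    return "\n".join([
        _attr("dn", user_dn), "changetype: modify",
        "delete: unicodePwd", _pwd(old_password), "-",
        "add: unicodePwd", _pwd(new_password), "-", ""])

def admin_reset_ldif(user_dn: str, new_password: str) -> str:
    """Administrative reset: a single replace, no old password needed.
    Requires reset rights on the target entry."""
    return "\n".join([
        _attr("dn", user_dn), "changetype: modify",
        "replace: unicodePwd", _pwd(new_password), "-", ""])

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    dn = "CN=Test User,CN=Users,DC=example,DC=com"
    print(self_change_ldif(dn, "Old-Passw0rd", "New-Passw0rd"))
    print(admin_reset_ldif(dn, "New-Passw0rd"))
```

The output can be fed to an LDIF-capable client bound over TLS; binding as the user with the first form is the case the thread reports as failing against Samba4 at the time.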


More information about the samba-technical mailing list