Samba4: Changing a user's passwd via LDAP

Michael Wood esiotrot at
Fri Aug 20 08:28:52 MDT 2010

On 20 August 2010 15:01, Stefan (metze) Metzmacher <metze at> wrote:
> Am 20.08.2010 13:57, schrieb Michael Wood:
>> Hi
>> I need to provide a web-based interface for users to change their
>> passwords in Samba4.  Is LDAP the best option?
>> Should the following work?
>> I tried using ldapmodify with the following ldif:
>> dn: CN=user,CN=Users,DC=my,DC=realm
>> changetype: modify
>> add: unicodePwd
>> unicodePwd: "NewPassword"
>> -
>> delete: unicodePwd
>> unicodePwd: "OldPassword"
>> -
> But this needs to be UTF16 not utf8.
> Maybe this python code helps you.

Thanks, converting to utf-16-le works as long as I authenticate as an
admin, but I'm having trouble getting it to work as a normal user.

When I try I get the following exception:

ldap.INSUFFICIENT_ACCESS: {'info': '00002098: insufficient access
rights - error in module acl: insufficient access rights (50)',
'desc': 'Insufficient access'}

I'm trying to see if I can figure out why that it, but so far no luck.

Michael Wood <esiotrot at>

More information about the samba-technical mailing list