Samba4: Changing a user's passwd via LDAP

Michael Wood esiotrot at gmail.com
Fri Aug 20 08:32:32 MDT 2010


Hi Lukasz

On 20 August 2010 15:42, Lukasz Zalewski <lukas at dcs.qmul.ac.uk> wrote:
> On 08/20/2010 12:57 PM, Michael Wood wrote:
>> I need to provide a web-based interface for users to change their
>> passwords in Samba4.  Is LDAP the best option?
[...]
>> I would appreciate any suggestions for how to do this, preferably from
>> Python, or if LDAP is not the best way, then I would appreciate it if
>> you could let me know what the best way is.
[...]
>
> Hi Michael,
> You might want to have a look at
> http://msdn.microsoft.com/en-us/library/cc223248%28v=PROT.10%29.aspx

Thanks, I haven't read through that properly yet, but I don't think I
need to, since with Stefan's help I can change the password, as long
as I log in as an admin user.

> I have managed to set the password using ldap interface as an admin user and
> as normal user. Attached is proof-of-concept python script that allows you
> to do the password change as an admin (--set_password_asadmin) or as a user
> (--set_password_asuser)
> the script assumes that you have got the appropriate krb ticket before its
> run

Thanks.  I'll have a look at it now.

> However i have noticed a strange thing. using the included script with kinit
> user1 at mydomain
> i have managed to change the password for userb - again it requires to know
> the userb old password - is this intended behaviour?

I believe there have been discussions on the list recently about how
best to fix this.

-- 
Michael Wood <esiotrot at gmail.com>


More information about the samba-technical mailing list