Samba4: Changing a user's passwd via LDAP

Michael Wood esiotrot at
Fri Aug 20 08:32:32 MDT 2010

Hi Lukasz

On 20 August 2010 15:42, Lukasz Zalewski <lukas at> wrote:
> On 08/20/2010 12:57 PM, Michael Wood wrote:
>> I need to provide a web-based interface for users to change their
>> passwords in Samba4.  Is LDAP the best option?
>> I would appreciate any suggestions for how to do this, preferably from
>> Python, or if LDAP is not the best way, then I would appreciate it if
>> you could let me know what the best way is.
> Hi Michael,
> You might want to have a look at

Thanks, I haven't read through that properly yet, but I don't think I
need to, since with Stefan's help I can change the password, as long
as I log in as an admin user.

> I have managed to set the password using ldap interface as an admin user and
> as normal user. Attached is proof-of-concept python script that allows you
> to do the password change as an admin (--set_password_asadmin) or as a user
> (--set_password_asuser)
> the script assumes that you have got the appropriate krb ticket before its
> run

Thanks.  I'll have a look at it now.

> However i have noticed a strange thing. using the included script with kinit
> user1 at mydomain
> i have managed to change the password for userb - again it requires to know
> the userb old password - is this intended behaviour?

I believe there have been discussions on the list recently about how
best to fix this.

Michael Wood <esiotrot at>

More information about the samba-technical mailing list