[Samba] password sync and ldap acls

Thierry Lacoste lacoste at univ-paris12.fr
Fri Jun 2 11:56:22 GMT 2006

On Thursday 01 June 2006 23:23, Thierry Lacoste wrote:
> I'm using samba 3.0.14a + openldap .2.27 on FreeBSD 6.0-RELEASE.
> I followed the "Linux Samba-OpenLDAP Howto" from IDEALX.
> My slapd.conf rootdn is cn=ldapmgr,ou=Managers,o=miage
> My smb.conf ldap admin dn is cn=sambamgr,ou=Managers,o=miage
> With the ACLs from section 5 (Security considerations) of the Howto
> when I change a user password from windows XP the userPassword
> attribute is not modified so my Unix and Windows passwords are
> not in sync.
> I found that adding the following ACL to my slapd.conf resoves the issue.
> access to *
>       by dn="cn=sambamgr,ou=Managers,o=miage" read
> I did several tests but can't figure out what are the attributes that
> sambamgr needs to read in order to update the userPassword attribute.
Answering myself the following thread discusses this issue:

Sorry for the noise.

More information about the samba mailing list