[Samba] password sync and ldap acls

Thierry Lacoste th.lacoste at wanadoo.fr
Thu Jun 1 17:55:27 GMT 2006


I followed the "Linux Samba-OpenLDAP Howto" from IDEALX.
My slapd.conf rootdn is cn=ldapmgr,ou=Managers,o=miage
My smb.conf ldap admin dn is cn=sambamgr,ou=Managers,o=miage

With the ACLs from section 5 (Security considerations) of the Howto,
when I change a user password from Windows XP, the userPassword
attribute is not modified, so my Unix and Windows passwords are
not in sync.

I found that adding the following ACL to my slapd.conf resolves the issue.

access to *
      by dn="cn=sambamgr,ou=Managers,o=miage" read

I did several tests but can't figure out which attributes
sambamgr needs to read in order to update the userPassword attribute.

Any help would be appreciated.

