[Samba] Samba 3.0.24 handling LDAP responses incorrectly

Ryan Steele rsteele at archer-group.com
Mon Apr 7 19:19:00 GMT 2008

Volker Lendecke wrote:
> On Mon, Apr 07, 2008 at 02:03:32PM -0400, Ryan Steele wrote:
>>                         #if defined(LDAP_CONSTRAINT_VIOLATION)
>>                         if (rc == LDAP_CONSTRAINT_VIOLATION)
>>                                 return NT_STATUS_PASSWORD_RESTRICTION;
>>                         #endif
>> ...to pdb_ldap.c didn't seem to change the behavior at all.  I suspect
>> it's because LDAP_CONSTRAINT_VIOLATION isn't defined anywhere in my
>> 3.0.24 source, though I could certainly be wrong.  I'm grabbing the
>> latest source from git to see where that's defined, but if anybody wants
>> to head me off at the pass with the information, it's certainly welcome.
> If your LDAP libs don't have that define, you might try to
> use the value from OpenLDAP:
> #define LDAP_CONSTRAINT_VIOLATION       0x13
> Volker

It's not defined in my Samba source, but I guess that was the wrong
place to look.  On my system, /usr/include/ldap.h does in fact have that
defined.  However, Samba still returns NT_STATUS_UNSUCCESSFUL, and
Windows still  reports that the password couldn't be changed because the
domain was unavailable... have I zigged where I should've zagged, or is
Samba not setting rc properly when it gets the response from LDAP?


More information about the samba mailing list