[Samba] AD DC LDAP support for the 'password change' extended operation

Andrew Bartlett abartlet at samba.org
Wed Feb 6 14:25:52 MST 2013

On Mon, 2013-02-04 at 10:31 +0100, Luis Angel Fernandez Fernandez wrote:
>   Hi!
>   I'm trying to use the internal LDAP provided by Samba4 to store mail
> domains used by SOGo. I have two sets of users. Those used by Samba and
> created through samba-tool and those created under some "ou" I have made
> up. A few days ago I was able to change the latter users passwords using
> "ldapadmin" (a windows LDAP client) but today I am not. When I try to
> change a password I get an error message like "RPC server unavailable".
>   And I have another problem with LDAP. I have to use ldapadmin to change
> users' password because ldappasswd gives me this error:
> ldappasswd -d4 -h "cn=juan.lapuerta,ou=alisys.net
> ,dc=aliratiun,dc=tic"
> ldap_build_search_req ATTRS: supportedSASLMechanisms
> SASL/GSSAPI authentication started
> SASL username: Administrator at ALIRATIUN.TIC
> SASL SSF: 56
> SASL data security layer installed.
> Result: Protocol error (2)
> Additional info: Extended Operation( not supported
>   But I think I read somewhere that that extended operation is supported.

I can help on this part of the question:  No, the extended operation is
not supported - it remains a wishlist item that one of our developers
was working on at some point, but has not progressed beyond that.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list