[Samba] Allow self password change using LDAP(s) with Samba4

Juan Asensio Sánchez okelet at gmail.com
Wed Dec 30 14:59:09 UTC 2015

Hi all

I am trying to create a webapp to allow users to change their own passwords
in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify
the user password using this code:

dn: ........
changetype: modify
replace: unicodePwd
unicodePwd: "Temporal2"

I get this error:

0x32 (Insufficient access; error in module acl: insufficient access rights
during LDB_MODIFY (50))

If I change the code, deleting the old password, and adding the new one:

dn: ........
changetype: modify
delete: unicodePwd
unicodePwd: "Temporal1"
add: unicodePwd
unicodePwd: "Temporal2"

Then I get this error:

#!ERROR [LDAP: error code 53 - 00002035: setup_io: it's not allowed to set
the NT hash password directly']

The ldapmodify commands are executed using the user's own credentials; I
wouldn't like to use the administrator account. Is this possible? Do I have
to change some settings in Samba4?
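
Added example, not part of the original post: Active Directory documents the unicodePwd value as the password wrapped in double quotes and encoded as UTF-16LE, and a user's own password change as a delete of the old value plus an add of the new one in a single modify request over an encrypted connection. The Python below builds that LDIF for ldapmodify. The DN, passwords and function names are constructed, and that Samba4 accepts the same format is an assumption here.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """unicodePwd wire format as documented for AD: the password wrapped in
    double quotes, then encoded as UTF-16LE (no BOM)."""
    return ('"' + password + '"').encode("utf-16-le")


def _ldif_attr(name: str, value: bytes) -> str:
    """Emit one LDIF line; use base64 ('::') unless the value is a plain
    printable-ASCII string that LDIF (RFC 2849) allows unencoded."""
    safe = (
        len(value) > 0
        and all(0x20 <= b < 0x7F for b in value)
        and value[0] not in b" :<"
        and value[-1:] != b" "
    )
    if safe:
        return f"{name}: {value.decode('ascii')}"
    return f"{name}:: {base64.b64encode(value).decode('ascii')}"


def build_self_change_ldif(user_dn: str, old_password: str, new_password: str) -> str:
    """One modify request: delete the old value, add the new one.
    The '-' lines separate the two modifications inside the same request."""
    return "\n".join([
        _ldif_attr("dn", user_dn.encode("utf-8")),
        "changetype: modify",
        "delete: unicodePwd",
        _ldif_attr("unicodePwd", encode_unicode_pwd(old_password)),
        "-",
        "add: unicodePwd",
        _ldif_attr("unicodePwd", encode_unicode_pwd(new_password)),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values; the DN is a placeholder, not from the post.
    print(build_self_change_ldif(
        "CN=Example User,CN=Users,DC=example,DC=com", "Temporal1", "Temporal2"))
```

The output is meant to be piped to ldapmodify bound as the user over LDAPS or StartTLS, since the directory only accepts password writes on an encrypted connection.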
