Re: [Samba] Samba 3.0.24 handling LDAP responses incorrectly

[Volker Lendecke <Volker.Lendecke@xxxxxxxxx>]

On Fri, Apr 04, 2008 at 04:47:56PM -0400, John Drescher wrote:
> I think the bug/problem is that this message is being displayed
> instead of "Password could not be changed for user
>   tester: Constraint violation" and "does not pass required number  of
> strength checks (1 of 3)."

Current 3.2 has the attached code. Might help for you.

Volker

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 54c2500..c07d59a 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1644,6 +1644,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 				pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
 			SAFE_FREE(ld_error);
 			ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+			if (rc == LDAP_CONSTRAINT_VIOLATION)
+				return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
 			return NT_STATUS_UNSUCCESSFUL;
 		} else {
 			DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));

Attachment: pgpDK6p1iLRqc.pgp
Description: PGP signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba