Index: source/passdb/pdb_ldap.c
===================================================================
--- source/passdb/pdb_ldap.c (revision 5277)
+++ source/passdb/pdb_ldap.c (working copy)
@@ -1432,6 +1432,38 @@
 return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD);
 }
+/*******************************************************
+ generate salt for unix crypt
+ stolen from pGina, thanks.
+*******************************************************/
+
+static char * _get_salt (char salt[3])
+{
+ int i;
+ int j;
+
+ for (j = 0; j < 2; j++)
+ {
+ i = rand () % 3;
+ switch (i)
+ {
+ case 0:
+ i = (rand () % (57 - 46)) + 46;
+ break;
+ case 1:
+ i = (rand () % (90 - 65)) + 65;
+ break;
+ case 2:
+ i = (rand () % (122 - 97)) + 97;
+ break;
+ }
+ salt[j] = i;
+ }
+ salt[2] = '\0';
+ return salt;
+}
+
+
 /********************************************************************
 Do the actual modification - also change a plaintext passord if it it set.
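Review bot: `_get_salt` takes both salt characters from `rand()`, which is not a cryptographic generator and, unless it is seeded somewhere outside this hunk, produces the same sequence in every process, so the salts are predictable and repeat across accounts. Each range also stops one short of its top character: `rand () % (57 - 46)` never yields '9', 'Z' and 'z' are likewise unreachable, and the digit/punctuation group is picked far more often per character than any letter. I would index the 64-character crypt alphabet with bytes from Samba's own random source instead. The sketch below assumes `generate_random_buffer()` takes a buffer and a length in this tree, so check its prototype before using it.

```c
static char * _get_salt (char salt[3])
{
	static const char alphabet[] =
		"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	unsigned char rnd[2];

	generate_random_buffer(rnd, sizeof(rnd));
	/* 64 entries, so masking with 0x3f gives an unbiased index */
	salt[0] = alphabet[rnd[0] & 0x3f];
	salt[1] = alphabet[rnd[1] & 0x3f];
	salt[2] = '\0';
	return salt;
}
```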
@@ -1496,9 +1528,35 @@
 char *utf8_dn;
 if (!ldapsam_can_pwchange_exop(ldap_state->smbldap_state)) {
- DEBUG(2, ("ldap password change requested, but LDAP "
- "server does not support it -- ignoring\n"));
- return NT_STATUS_OK;
+
+ /* try to modify userPassword */
+ const char *plaintext_passwd;
+ char *scrypt;
+ char *modcrypt;
+ size_t modlen;
+ LDAPMod **mods = NULL;
+ char salt[3];
+
+ plaintext_passwd = pdb_get_plaintext_passwd(newpwd);
+ _get_salt( salt);
+ scrypt =crypt( plaintext_passwd, salt);
+
+#define LDAP_CRYPT "{crypt}"
+ modlen = strlen( LDAP_CRYPT) + strlen( scrypt) + 1;
+
+ modcrypt= (char *) SMB_MALLOC( modlen);
+ if (modcrypt == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ safe_strcpy( modcrypt, LDAP_CRYPT, modlen);
+ safe_strcat( modcrypt, scrypt, modlen); /* no utf8 encoding needed */
+
+ smbldap_set_mod(&mods, LDAP_MOD_REPLACE, "userPassword", modcrypt );
+
+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
+ ldap_mods_free(mods, True);
+ SAFE_FREE( modcrypt);
+ return NT_STATUS_OK;
 }
 if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
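Review bot: The fallback stores the result of `smbldap_modify` in `rc` and then returns `NT_STATUS_OK` unconditionally, so a failed write to `userPassword` is reported to the caller as a successful password change; add `if (rc != LDAP_SUCCESS) return NT_STATUS_UNSUCCESSFUL;` after the two frees. `crypt()` can return NULL and `scrypt` goes straight into `strlen`, so it needs `if (scrypt == NULL) return NT_STATUS_UNSUCCESSFUL;` first; whether `plaintext_passwd` can be NULL here depends on checks outside the hunk. A two-character salt selects traditional DES crypt, which hashes only the first eight characters of the password, so this path quietly writes a weak hash into the directory. That deserves a comment and a `DEBUG` line saying the fallback was taken, and probably a configuration switch rather than automatic use. The enclosing function starts and ends outside the hunk.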