Bug 1545 - smbldap_extended_operation fails with Iplanet Directory Server 5.1 (and should do also with version 5.2)
Summary: smbldap_extended_operation fails with Iplanet Directory Server 5.1 (and shoul...
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.4
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-07-21 11:04 UTC by Lars Timmann
Modified: 2005-08-24 10:27 UTC (History)
0 users

See Also:

possible fix (2.64 KB, patch)
2004-09-25 03:15 UTC, Volker Lendecke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Timmann 2004-07-21 11:04:32 UTC
Hi Samba-Team!
We have a nearly running setup with Samba 3.0.4 and Iplanet Directory Server
5.1, but if we try to change a password we got the following error:
ldapsam_modify_entry: LDAP Password could not be changed for user ltimmann:
Protocol error
        unsupported extended operation
ldapsam_update_sam_account: failed to modify user with uid = ltimmann, error:
unsupported extended operation (Success)

This is because you use the extended operation "Password Modify" which is not implemented in  Iplanet Directory Server
5.{1,2}. Seems that they never have read RFC3062. So we would be glad if you
could add an alternative method in passdb/pdb_ldap.c in function
ldapsam_modify_entry where the password is overwritten via a normal ldap modify.
If it is possible.

Would be great if you can do that or another workaround!
Comment 1 Volker Lendecke 2004-09-25 03:15:10 UTC
Created attachment 678 [details]
possible fix

Could you check the attached patch? We simply don't issue the extended
operation if the ldap server says it does not support the extended operation.
We need info on how iplanet would do the equivalent.

Closing the bug, please reopen if it does not work.

Comment 2 Volker Lendecke 2004-09-25 03:16:42 UTC
Applied a fix with revision 2619

Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:27:23 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.