this patch enables samba to change the LDAP userPassword when the LDAP server does not support the pwchange_exop extended operation: tested with samba-3.0.10, patch applied to svn head
Created attachment 956 [details] patch against svn head
not sure how I feel forcing the password to use {crypt}
A similar patch was proposed in the past, to use a plaintext password. I would be more comforatable with that, where we could detect the presense of a plaintext password, create NT and LM password on the fly, and use that as the clue to set back a plaintext password. (other services needed the plaintext in this case) The reason I used the exop is that then samba wasn't having to decide schemas, crypt() and everything else. I share jerry's reservation about the {crypt} stuff.
What concrete LDAP server is this targeted at? Isn't there any other way to get the password into that particular one? Volker
(In reply to comment #4) > What concrete LDAP server is this targeted at? Isn't there any other way to get > the password into that particular one? If I remember correctly, it was an openldap server. But please stay tuned, the collegue who asked me to implement this patch is not available today. Will answer the question tomorrow, hopefully.
Sorry I was wrong. It was a SUN One Server. It does not support the exop openldap supports. We found no other way to implement changing passwords. The default didn't work.
*** This bug has been marked as a duplicate of 3514 ***