Bug 4313 - LDAP sambaPwdCanChange of user does not override policy
LDAP sambaPwdCanChange of user does not override policy
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
x86 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2006-12-28 13:23 UTC by Felipe Augusto van de Wiel
Modified: 2007-01-15 11:15 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Felipe Augusto van de Wiel 2006-12-28 13:23:26 UTC

  We are running Samba on a Debian "etch" machine (x86),
four processors (Intel(R) Xeon(TM) CPU 3.00GHz) and 4GB
of RAM memory. We use LDAP as a backend to manage about
200 users and computers. The version of involved softwares:

  * libldap2  2.1.30-13+b1
  * samba     3.0.23d-2+b1
  * slapd     2.3.29-1

  Using the policies for password seems to work fine. One
of the test scenarios that we built is the need to allow
a specific user to change his password before the default
policy time, we define 7 days (604800) in sambaMinPwdAge 
on the sambaDomainName object.

  Using my user (felipe), if I change the password in a
Win2kPro it works just fine, and checking with pdbedit it 
shows that I can only change the password in 7 days, if I
try to change the password I get an information window
telling me that the account is not allowed to change the
password right now. Accessing the LDAP object of my account 
and changing the sambaPwdCanChange to use the same value of 
sambaPwdLastSet (or even using sambaPwdLastSet+1 or 
sambaPwdLastSet+60), it still do not allow my user to change 
the password again. And I think it looks like a "bug". :-)

   Thanks in advance.

Felipe (faw)
Comment 1 Felipe Augusto van de Wiel 2006-12-29 13:50:38 UTC
Sorry, I forgot to add the libldap library information:

  * libldap-2.3-0  2.3.29-1

Kind regards,

Felipe (faw)