Bug 4313 - LDAP sambaPwdCanChange of user does not override policy
Summary: LDAP sambaPwdCanChange of user does not override policy
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.23d
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-12-28 13:23 UTC by Felipe Augusto van de Wiel
Modified: 2007-01-15 11:15 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Felipe Augusto van de Wiel 2006-12-28 13:23:26 UTC

  We are running Samba on a Debian "etch" machine (x86),
four processors (Intel(R) Xeon(TM) CPU 3.00GHz) and 4GB
of RAM memory. We use LDAP as a backend to manage about
200 users and computers. The version of involved softwares:

  * libldap2  2.1.30-13+b1
  * samba     3.0.23d-2+b1
  * slapd     2.3.29-1

  Using the policies for password seems to work fine. One
of the test scenarios that we built is the need to allow
a specific user to change his password before the default
policy time, we define 7 days (604800) in sambaMinPwdAge 
on the sambaDomainName object.

  Using my user (felipe), if I change the password in a
Win2kPro it works just fine, and checking with pdbedit it 
shows that I can only change the password in 7 days, if I
try to change the password I get an information window
telling me that the account is not allowed to change the
password right now. Accessing the LDAP object of my account 
and changing the sambaPwdCanChange to use the same value of 
sambaPwdLastSet (or even using sambaPwdLastSet+1 or 
sambaPwdLastSet+60), it still do not allow my user to change 
the password again. And I think it looks like a "bug". :-)

   Thanks in advance.

Felipe (faw)
Comment 1 Felipe Augusto van de Wiel 2006-12-29 13:50:38 UTC
Sorry, I forgot to add the libldap library information:

  * libldap-2.3-0  2.3.29-1

Kind regards,

Felipe (faw)