When changing a user password with an ldapsam backend, a failure reported by the LDAP server is mapped to the NT_STATUS_UNSUCCESSFUL error code regardless of the failure cause. Failures due to password policies violations should be mapped to more meaningful error codes. [2007/12/27 18:38:53, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user *********: Constraint violation Password fails quality checking policy There seems to be three password-related error codes (NT_STATUS_PWD_TOO_SHORT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_HISTORY_CONFLICT). I haven't checked if the LDAP server returns the same error for all 3 cases.
Created attachment 3080 [details] Return NT_STATUS_PASSWORD_RESTRICTION when ldap password policy check failed
Ok, looks good to me. Pushed for 3.0.28a and 3.2. Thanks ! Jeremy.
*** Bug 6375 has been marked as a duplicate of this bug. ***