The Samba-Bugzilla – Bug 5163
Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally
Last modified: 2009-05-20 17:37:43 UTC
When changing a user password with an ldapsam backend, a failure reported by the LDAP server is mapped to the NT_STATUS_UNSUCCESSFUL error code regardless of the failure cause.
Failures due to password policy violations should be mapped to more meaningful error codes.
[2007/12/27 18:38:53, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651)
ldapsam_modify_entry: LDAP Password could not be changed for user *********: Constraint violation
Password fails quality checking policy
There seem to be three password-related error codes (NT_STATUS_PWD_TOO_SHORT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_HISTORY_CONFLICT). I haven't checked if the LDAP server returns the same error for all 3 cases.
Created attachment 3080
Return NT_STATUS_PASSWORD_RESTRICTION when ldap password policy check failed
Ok, looks good to me. Pushed for 3.0.28a and 3.2.
*** Bug 6375 has been marked as a duplicate of this bug. ***
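The mapping discussed in this report, as an added example that is not the attached patch or Samba source: a constraint violation becomes NT_STATUS_PASSWORD_RESTRICTION unless the diagnostic text identifies one of the three more specific codes, and every other failure stays NT_STATUS_UNSUCCESSFUL. Assumptions: the helper name map_ldap_pwd_error, the NTSTATUS typedef and the diagnostic substrings "too short", "too young" and "in history" are hypothetical; constants are defined locally so the block builds without libldap or Samba headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t NTSTATUS; /* simplified stand-in for Samba's type */
#define NT_STATUS_OK                   0x00000000u
#define NT_STATUS_UNSUCCESSFUL         0xC0000001u
#define NT_STATUS_PASSWORD_RESTRICTION 0xC000006Cu
#define NT_STATUS_PWD_TOO_SHORT        0xC000025Au
#define NT_STATUS_PWD_TOO_RECENT       0xC000025Bu
#define NT_STATUS_PWD_HISTORY_CONFLICT 0xC000025Cu

/* LDAP result codes as assigned in RFC 4511. */
#define LDAP_SUCCESS              0
#define LDAP_CONSTRAINT_VIOLATION 19

/* Assumed diagnostic substrings; check the wording of the server in use. */
static const struct { const char *needle; NTSTATUS status; } pwd_hints[] = {
    { "too short",  NT_STATUS_PWD_TOO_SHORT },
    { "too young",  NT_STATUS_PWD_TOO_RECENT },
    { "in history", NT_STATUS_PWD_HISTORY_CONFLICT },
};

/* Hypothetical helper: map an LDAP password-change result to an NTSTATUS. */
NTSTATUS map_ldap_pwd_error(int rc, const char *diag)
{
    size_t i;

    if (rc == LDAP_SUCCESS)
        return NT_STATUS_OK;
    /* Only a constraint violation counts as a policy failure; the
     * diagnostic text on its own is never trusted. */
    if (rc != LDAP_CONSTRAINT_VIOLATION)
        return NT_STATUS_UNSUCCESSFUL;
    for (i = 0; diag != NULL && i < sizeof(pwd_hints) / sizeof(pwd_hints[0]); i++)
        if (strstr(diag, pwd_hints[i].needle) != NULL)
            return pwd_hints[i].status;
    /* Policy rejected the password, cause unknown or without its own code. */
    return NT_STATUS_PASSWORD_RESTRICTION;
}

int main(void)
{
    /* Diagnostic text taken from the log excerpt in this report. */
    printf("0x%08X\n", (unsigned)map_ldap_pwd_error(
        LDAP_CONSTRAINT_VIOLATION, "Password fails quality checking policy"));
    return 0;
}
```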