> >Samba binds to the DS as the admin server and then just attempts to overwrite >the userPassword attribute (I assume you have ldap sync turned on). It seems >DS doesn't like it: it requires the current password first. Perhaps there is >some configuration change that can help. > > > I think this could be an access control issue. The default ACIs supplied with the server only allow root (Directory Manager) and 'self' write access to the userPassword attribute. If you changed the access control rules to allow the user that samba binds as write access, that might help. The access log is your friend : look in there (.../slapd-<hostname>/logs/access) to find the operations samba attempted. The ldap result code for the modify operation will be in there. You will be able to see if the operation failed due to access control restrictions (error code 50) or for some other reason.
