Thank you all for replying. I think I have narrowed this problem down to the fact that FDS wants the user's old password when changing it. No matter if you are authenticated as the user or as the Directory Manager. kung.foo.is ~# ldappasswd -ZZ -D "cn=Directory Manager" uid=gg,ou=People,dc=kung,dc=foo -S -x -W New password: Re-enter new password: Enter LDAP Password: Result: Unknown error (89) Additional info: Current passwd must be supplied by the user. This is the same errorcode (err=89) as I see in the access log when I try to change the password from Windows [08/Jun/2005:10:07:11 +0000] conn=1043 op=14 RESULT err=89 tag=120 nentries=0 etime=0 So looks like the problem has been located Next, how to fix it ? ;) David Boreham wrote: > >> >> Samba binds to the DS as the admin server and then just attempts to >> overwrite the userPassword attribute (I assume you have ldap sync >> turned on). It seems DS doesn't like it: it requires the current >> password first. Perhaps there is some configuration change that can help. >> >> >> > I think this could be an access control issue. The default ACIs supplied > with the server only allow root (Directory Manager) and 'self' write access > to the userPassword attribute. If you changed the access control rules > to allow the user that samba binds as write access, that might help. > > The access log is your friend : look in there > (.../slapd-<hostname>/logs/access) > to find the operations samba attempted. The ldap result code for the modify > operation will be in there. You will be able to see if the operation failed > due to access control restrictions (error code 50) or for some other > reason. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- S?valdur Gunnarsson /> RHCE
