Samba binds to the DS as the admin server and then just attempts to overwrite
the userPassword attribute (I assume you have ldap sync turned on). It seems
DS doesn't like it: it requires the current password first. Perhaps there is
some configuration change that can help.
I think this could be an access control issue. The default ACIs supplied
with the server only allow root (Directory Manager) and 'self' write access
to the userPassword attribute. If you changed the access control rules
to allow the user that samba binds as write access, that might help.
The access log is your friend : look in there
(.../slapd-<hostname>/logs/access)
to find the operations samba attempted. The ldap result code for the modify
operation will be in there. You will be able to see if the operation failed
due to access control restrictions (error code 50) or for some other reason.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
