[ltb-dev] [LDAP Tool Box - Bug #856] (New) Handle LDAP bind extended error format incompatibility with Samba4

noreply at lsc-project.org noreply at lsc-project.org
Sat Apr 16 16:20:19 CEST 2016

Issue #856 has been reported by Yuri Bugelli.

Bug #856: Handle LDAP bind extended error format incompatibility with Samba4

Author: Yuri Bugelli
Status: New
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: 

This one is not strictly an LTB bug, but it seems we can't handle a Samba4 AD because of the wrong extended data Samba returns when LTB is binding with user credentials.

For example, when a user must change the password at next logon, Windows AD returns something like:
*additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1*
where 773 is the code for "user must change the password",

while Samba4 returns this:
*additional info: Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE*

The same thing goes for the code *532*, where Samba4 returns *NT_STATUS_ACCOUNT_EXPIRED*.

This breaks the change.php file functionality.

I'm sending you my patch to solve this problem, at least until the Samba developers resolve the bug (n. 9048 on their bug tracker).

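As an added example (not part of the original report, the submitted patch, or the LTB code base), one way to reduce both additional-info formats to the same code in PHP. The function name and the lookup table are hypothetical; the table uses only the pairings given in the report, and any string matching neither format yields null so the caller treats it as an ordinary failed bind.

```php
<?php
// Added illustration, not LTB code. Names below are hypothetical.
// Samba4 status names mapped to the AD "data" codes the report pairs them with.
const SAMBA4_STATUS_TO_AD_CODE = [
    'NT_STATUS_PASSWORD_MUST_CHANGE' => '773',
    'NT_STATUS_ACCOUNT_EXPIRED'      => '532',
];

/**
 * Return the AD-style "data" code carried by a failed bind's additional
 * info string, or null when the string matches neither known format.
 */
function bind_failure_code(string $info): ?string
{
    // Windows AD: "... AcceptSecurityContext error, data 773, v1db1"
    if (preg_match('/\bAcceptSecurityContext error, data ([0-9a-f]+),/i', $info, $m)) {
        return strtolower($m[1]);
    }
    // Samba4: "Simple Bind Failed: NT_STATUS_..."; the whole token must be known.
    if (preg_match('/^Simple Bind Failed: (NT_STATUS_[A-Z0-9_]+)\s*$/', $info, $m)) {
        return SAMBA4_STATUS_TO_AD_CODE[$m[1]] ?? null;
    }
    // Unknown format: fail closed, the bind simply failed.
    return null;
}

// Sample inputs. The first two are the strings quoted in the report; the
// remaining three are constructed for this example.
$samples = [
    '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1',
    'Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE',
    'Simple Bind Failed: NT_STATUS_ACCOUNT_EXPIRED',
    'Simple Bind Failed: NT_STATUS_LOGON_FAILURE',
    'some other diagnostic text mentioning data 773',
];

foreach ($samples as $s) {
    printf("%-5s %s\n", bind_failure_code($s) ?? 'none', $s);
}
```

The last two samples print `none`: a Samba4 status outside the table and a string that merely contains "data 773" are not promoted to a password-change condition.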