[ltb-dev] [LDAP Tool Box - Bug #856] (New) Handle LDAP bind extended error format incompatibility with Samba4

noreply at lsc-project.org noreply at lsc-project.org
Sat Apr 16 16:20:19 CEST 2016


Issue #856 has been reported by Yuri Bugelli.

----------------------------------------
Bug #856: Handle LDAP bind extended error format incompatibility with Samba4
http://tools.lsc-project.org/issues/856

Author: Yuri Bugelli
Status: New
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: 


This one is not strictly a LTB bug, but it seems we can't handle a Samba4 AD because of the wrong extended data samba returns when LTB is binding with user credentials.

For example, when a user must change the password at next logon, Windows AD returns something like:
*additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1*
where 773 is the code for "user must change the password"

while samba4 return this:
*additional info: Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE*

the same thing for the code *532*, where Samba4 return *NT_STATUS_ACCOUNT_EXPIRED*

This breaks the change.php file functionality

I'm sending you my patch to solve this problem, at least until samba developers won't resolve the bug (n. 9048 on their bug tracker)



-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160416/98821d76/attachment.htm>


More information about the ltb-dev mailing list