Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>

Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally.
Jeremy.

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index afcb463a631686597b017e0a8001f1e6a42059b4..8d7caba90dda70eb61101fc262347062a2485b09 100644 (file)
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1651,6 +1651,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
                                pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
                        SAFE_FREE(ld_error);
                        ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+                       if (rc == LDAP_CONSTRAINT_VIOLATION)
+                               return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
                        return NT_STATUS_UNSUCCESSFUL;
                } else {
                        DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));