Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>

Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally.
Jeremy.

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index b63821946695e7e7f900e7391654b7ca28d42631..205b178a93f8bae746e5f8a93e6ce25ed8b7f7cd 100644 (file)
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1768,6 +1768,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
                                pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
                        SAFE_FREE(ld_error);
                        ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+                       if (rc == LDAP_CONSTRAINT_VIOLATION)
+                               return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
                        return NT_STATUS_UNSUCCESSFUL;
                } else {
                        DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));