r12245: eDirectory returns LDAP_UNWILLING_TO_PERFORM if the

account is disabled. If we get this we can't check
the password so have to tell the client the account
was disabled.
Jeremy.
(This used to be commit 43c2d545ab98fef341c7e22d3b82c98bd0afebc2)

diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c
index c6d644827c773c7e96408e414b047a5784c1654d..1ec96932231295db965d5b5804451f224b0447c0 100644 (file)
--- a/source3/passdb/pdb_nds.c
+++ b/source3/passdb/pdb_nds.c
@@ -824,6 +824,15 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                                        case LDAP_INVALID_CREDENTIALS:
                                                nt_status = NT_STATUS_WRONG_PASSWORD;
                                                break;
+                                       case LDAP_UNWILLING_TO_PERFORM:
+                                               /* eDir returns this if the account was disabled. */
+                                               /* The problem is we don't know if the given
+                                                  password was correct for this account or
+                                                  not. We have to return more info than we
+                                                  should and tell the client NT_STATUS_ACCOUNT_DISABLED
+                                                  so they don't think the password was bad. JRA. */
+                                               nt_status = NT_STATUS_ACCOUNT_DISABLED;
+                                               break;
                                        default:
                                                break;
                                }