From cfcdeb52bf0184874980aebaea602bd2ee5ee411 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 2 Jan 2008 18:20:23 -0800
Subject: [PATCH] Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>
 Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL
 unconditionally. Jeremy. (This used to be commit
 9369d6e907a49da1fbf2a5690118412b8d1a0383)

---
 source3/passdb/pdb_ldap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index b638219466..205b178a93 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1768,6 +1768,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 				pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
 			SAFE_FREE(ld_error);
 			ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+			if (rc == LDAP_CONSTRAINT_VIOLATION)
+				return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
 			return NT_STATUS_UNSUCCESSFUL;
 		} else {
 			DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
-- 
2.34.1