From eeed0c16f0d6a8afb0096dae6501826ec422b56a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 2 Jan 2008 18:20:25 -0800
Subject: [PATCH] Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>
 Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL
 unconditionally. Jeremy.

---
 source/passdb/pdb_ldap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index afcb463a63..8d7caba90d 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1651,6 +1651,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 				pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
 			SAFE_FREE(ld_error);
 			ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+			if (rc == LDAP_CONSTRAINT_VIOLATION)
+				return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
 			return NT_STATUS_UNSUCCESSFUL;
 		} else {
 			DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
-- 
2.34.1