Fri, 10 Apr 2026 04:38:49 +0000 https://bugs.horde.org/ticket/8192 smbldap: error changing password Every time I try to change password after having configured the smbldap backend I get this message from Passwd: * ErrorFailure in changing password for Account Economia: Insufficient access and these php warnings: Warning: Missing argument 2 for Passwd_Driver_smbldap::_lookupdn(), called in /var/www/horde/passwd/lib/Driver/ldap.php on line 145 and defined in /var/www/horde/passwd/lib/Driver/smbldap.php on line 141 Notice: Undefined variable: passw in /var/www/horde/passwd/lib/Driver/smbldap.php on line 151 Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Insufficient access in /var/www/horde/passwd/lib/Driver/ldap.php on line 201 Warning: Cannot modify header information - headers already sent by (output started at /var/www/horde/passwd/lib/Driver/smbldap.php:141) in /var/www/horde/passwd/templates/common-header.inc on line 4 Warning: Cannot modify header information - headers already sent by (output started at /var/www/horde/passwd/lib/Driver/smbldap.php:141) in /var/www/horde/passwd/templates/common-header.inc on line 5 This is what I have in passwd backends.php: $backends['smbldap'] = array( 'name' => 'Account My Domain', 'preferred' => 'www.example.com', 'password policy' => array( 'minLength' => 3, 'maxLength' => 32 ), 'driver' => 'smbldap', 'params' => array( 'host' => 'ldap.my.domain.it', 'port' => 389, 'basedn' => 'ou=People,dc=my,dc=domain,dc=it', 'uid' => 'uid', // This will be appended to the username when looking for the userdn. 'realm' => '', 'encryption' => 'crypt', // Make sure the host == cn in the server certificate. 'tls' => false, // If any of the following attributes are commented out, they // won't be set on the LDAP server. 'lm_attribute' => 'sambaLMPassword', 'nt_attribute' => 'sambaNTPassword', // 'pw_set_attribute' => 'sambaPwdLastSet', // 'pw_expire_attribute' => 'sambaPwdMustChange', // The number of days until samba passwords expire. If this // is commented out, passwords will never expire. // 'pw_expire_time' => 180, ) ); Tue, 14 Apr 2009 13:40:11 +0000 https://bugs.horde.org/ticket/8192#t53649 Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/passwd/docs/CHANGES?rt=horde&r1=1.111&r2=1.112&ty=u http://cvs.horde.org/diff.php/passwd/lib/Driver/ldap.php?rt=horde&r1=1.59&r2=1.60&ty=u http://cvs.horde.org/diff.php/passwd/lib/Driver/smbldap.php?rt=horde&r1=1.20&r2=1.21&ty=u Tue, 18 Aug 2009 12:22:28 +0000 https://bugs.horde.org/ticket/8192#t55348 Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/passwd/docs/CHANGES?rt=horde&r1=1.79.2.32&r2=1.79.2.33&ty=u http://cvs.horde.org/diff.php/passwd/lib/Driver/ldap.php?rt=horde&r1=1.41.2.9&r2=1.41.2.10&ty=u http://cvs.horde.org/diff.php/passwd/lib/Driver/smbldap.php?rt=horde&r1=1.7.2.5&r2=1.7.2.6&ty=u Tue, 18 Aug 2009 12:27:17 +0000 https://bugs.horde.org/ticket/8192#t55349 Please try what I committed. Tue, 18 Aug 2009 12:27:36 +0000 https://bugs.horde.org/ticket/8192#t55351 > Please try what I committed. I tried the FRAMEWORK_3 branch: it still does not work but some warnings are gone: same error message: * ErrorFailure in changing password for Account Economia: Insufficient access php warnings: Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Insufficient access in /var/www/horde/passwd/lib/Driver/ldap.php on line 209 Warning: Cannot modify header information - headers already sent by (output started at /var/www/horde/passwd/lib/Driver/ldap.php:209) in /var/www/horde/passwd/templates/common-header.inc on line 4 Warning: Cannot modify header information - headers already sent by (output started at /var/www/horde/passwd/lib/Driver/ldap.php:209) in /var/www/horde/passwd/templates/common-header.inc on line 5 Wed, 19 Aug 2009 08:17:43 +0000 https://bugs.horde.org/ticket/8192#t55410 Well, these are at least no errors from Horde anymore. It's exactly what the error message says: you don't have sufficient permissions to update the LDAP attributes. Wed, 19 Aug 2009 08:40:57 +0000 https://bugs.horde.org/ticket/8192#t55411 > Well, these are at least no errors from Horde anymore. It's exactly > what the error message says: you don't have sufficient permissions to > update the LDAP attributes. That's really strange, because with passwd 3.0.1 and the same configuration it's working fine. Wed, 19 Aug 2009 10:10:23 +0000 https://bugs.horde.org/ticket/8192#t55415 What *is* your configuration actually? And can you try to debug this on your own? Maybe the binding doesn't work the same like in Passwd 3.0. Wed, 19 Aug 2009 10:41:44 +0000 https://bugs.horde.org/ticket/8192#t55416 OK, I found the problem: passwd 3.0.1 inside ldap.php try to change only the "userPassword" ldap attribute when using smbldap backend. With 3.1.2 it also try to update the "shadowLastChange" ldap attribute which I was denying to self users. With 3.1.2 is possible to disable the "shadowLastChange" attribute but only for the ldap backend, not for the smbldap. To fix this what about merging smbldap backend inside the ldap one, where the smb attributes are enabled only if they are uncommented? Wed, 19 Aug 2009 14:31:01 +0000 https://bugs.horde.org/ticket/8192#t55423 Why would you want to disable resetting of the shadowlastchange attribute, if you use it. Or asked differently: why do you have shadowlastchange attributes if you don't use them? Wed, 19 Aug 2009 21:03:49 +0000 https://bugs.horde.org/ticket/8192#t55439 > Why would you want to disable resetting of the shadowlastchange > attribute, if you use it. Or asked differently: why do you have > shadowlastchange attributes if you don't use them? Well, yes, I granted write to it only to the admin user, when changing password with its privilege. It make sense to enable write to it to self users. Thu, 20 Aug 2009 09:50:24 +0000 https://bugs.horde.org/ticket/8192#t55458 Okay, I consider this bug closed then. Thu, 20 Aug 2009 15:15:19 +0000 https://bugs.horde.org/ticket/8192#t55467