On 26/09/2018 at 17:11, Sebastien BEAUDLOT wrote:
> Hi,
>
> I am trying to push passwords for my LDAP users to a Samba 4 AD (like
> instructions in this howto:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory),
> but I'm stuck with an LDAP Error 53:
>
> Error while modifying entry
> CN=beaudlot,cn=Users,dc=adbaka,dc=univ-avignon,dc=fr in directory
> :javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
> 00002035: setup_io: it's not allowed to set the NT hash password
> directly'];
>
> Dataset looks like:
>
> <dataset>
>   <name>unicodePwd</name>
>   <policy>FORCE</policy>
>   <createValues>
>     <string>AD.getUnicodePwd("JustTesting4Password!")</string>
>   </createValues>
> </dataset>
>
> (I am just trying to push a fixed string for now, but future plans
> will include pre-encrypted passwords with passwordhk.pl)
>
> Samba 4 AD connection is secured. I tried TLS and SSL/ldaps, both
> working for all other attributes. I also tried to bind with both the
> builtin administrator account and a manually made lsc service account.
>
> Password update seems way more tricky than other attributes, and I may
> be missing something important here ...

Seems you are not the only one to have this issue:
http://samba.2283325.n4.nabble.com/Setting-unicodePwd-hashes-directly-td2469395.html

What I don't understand is why Samba4 thinks your password is an NT hash; it should detect that this is a plain text value. Try to set a default value like "password123" to see if this changes something.

--
Clément Oudot | Identity Solutions Manager
[email protected]
Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
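
For the "plain text value" point in the reply above, an added example (not part of the thread and not LSC or Samba code): the form Active Directory documents for a plaintext unicodePwd write is the password wrapped in double quotes and encoded as UTF-16LE, and the sketch below builds that form and classifies the bytes a client is about to send. The function names and result labels are hypothetical, the 16-byte sample is constructed, and how Samba 4 itself decides between plaintext and hash is not modelled.

```python
"""Classify the bytes a client is about to write to unicodePwd (added example)."""

QUOTE = '"'.encode("utf-16-le")  # b'"\x00'


def encode_unicode_pwd(password: str) -> bytes:
    """Documented AD plaintext form: '"' + password + '"', encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def classify_unicode_pwd(value: bytes) -> str:
    """Return a hypothetical label describing what the value looks like on the wire."""
    if (len(value) >= 4 and len(value) % 2 == 0
            and value.startswith(QUOTE) and value.endswith(QUOTE)):
        try:
            value.decode("utf-16-le")
            return "quoted-utf16le"          # the documented plaintext form
        except UnicodeDecodeError:
            return "malformed-utf16le"
    if len(value) == 16:
        # Same size as an NT hash (an MD4 digest); 16 ASCII characters also land here.
        return "16-raw-bytes"
    try:
        text = value.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown-binary"
    if len(text) >= 2 and text.startswith('"') and text.endswith('"'):
        # Quotes present, but the value went out as a single-byte/UTF-8 string.
        return "quoted-but-not-utf16le"
    return "unquoted-text"


if __name__ == "__main__":
    samples = {
        "encoded test password": encode_unicode_pwd("JustTesting4Password!"),
        "same string as UTF-8": b'"JustTesting4Password!"',
        "constructed 16-byte value": bytes.fromhex("00112233445566778899aabbccddeeff"),
        "bare default value": b"password123",
    }
    for label, raw in samples.items():
        print(f"{label:26} {len(raw):3d} bytes  {classify_unicode_pwd(raw)}")
```

Running the classifier on the value actually sent (taken from a client-side debug log or a decrypted capture) shows whether the quoted UTF-16LE form survived the connector's string handling.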

