[Samba] Samba 3.0.9 PDC and ldap sync

[Paolo Negri]

Hi all
I had a fully working samba + ldap PDC. After upgrading from 3.0.7 to 
3.0.9 I have lost synchronization of samba password and ldap password.
Each time a Windows Client do a password change the server samba produce 
the error

[2005/01/13 16:26:06, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1572)
  ldap password change requested, but LDAP server does not support it 
-- ignoring

I have checked permissions on attribute userPassword for ldap user used 
by samba for ldap binding.
Is's all right, (infact with 3.0.7 the entire system worked perfectly).
I've already checked the ldap's log at many differents debug levels but 
i didn't find any trace of denying permission or similar.

I would know how I can simulate the ldap password changing as is done by 
samba server.

Please help me.
my packages version
samba-3.0.9
samba-client-3.0.9
openldap2-2.2.6
openldap2-client-2.2.6
my smb.conf
[global]
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap suffix = dc=mydomain,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Users
        ldap admin dn = "uid=samba,ou=LdapUsers,dc=mydomain,dc=com"
        ldap ssl = start tls
        ldap passwd sync = yes
        # Script front end LDAP
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m 
"%u" "%g"
        delete user from group script = 
/usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g 
"%g" "%u"

        workgroup = MYDOMAIN
        netbios name = BUHSERVER
        netbios aliases = YOUARE CLEVER
        comment = Linux Samba PDC
        security = user
        encrypt passwords = Yes
        domain master = yes
        domain logons = yes
        preferred master = yes
        os level = 65
        wins support = yes
        log level = 2 auth:5
        max log size = 0
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        printer admin = @ntadmin, root, administrator
        map to guest = Bad User
        logon script = logon.bat
        logon path =
        logon drive = F:
        logon home = \\%L\%U\.9xprofile
        public = no
        browseable = no
        writeable = no
        min password length = 8
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba