My guess: the behaviour of 3.0.11 is more correct, and something is clearly wrong with your DSA - the client cannot read the rootDSE. Possibly you've got an ACL doing something you don't intend; it doesn't look like a Samba problem. The rootDSE is used to determine features supported by the DSA, included the password-modify extended operation.
You want to say that samba asks LDAP of its possibilities, it returns nothing and samba think that it can not do nothing. Am I right?
---- Alexander Zubkov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
