I am trying to create a webapp to allow users to change their own passwords in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify the user password using this code:
dn: ........
changetype: modify
replace: unicodePwd
unicodePwd: "Temporal2"
I get this error:
0x32 (Insufficient access; error in module acl: insufficient access rights during LDB_MODIFY (50))
If I change the code, deleting the old password, and adding the new one:
dn: ........
changetype: modify
delete: unicodePwd
unicodePwd: "Temporal1"
-
add: unicodePwd
unicodePwd: "Temporal2"
Then I get this error:
#!ERROR [LDAP: error code 53 - 00002035: setup_io: it's not allowed to set the NT hash password directly']
The ldapmodify are executed using the self user credentials, i wouldn't like to use the administrator account. Is this possible? Do I have to change some settings in Samba4?