Samba seems did not obey changes in ldap, but used its own cache database. How do I ask samba to sync its database with ldap? Or if its not possible, can we use "ldap_replace" instead of "ldap_delete and ldap_add"? root# smbpasswd -D10 ... smbldap_modify: dn => [uid=cpklia,ou=people,ou=cempaka,dc=mydomain,dc=com] rebindproc_connect_with_state: Rebinding as "cn=smbsys,ou=cempaka,dc=mydomain,dc=com" ldapsam_modify_entry: Failed to modify user dn= uid=cpklia,ou=people,ou=cempaka,dc=mydomain,dc=com with: No such attribute modify/delete: sambaPwdCanChange: no such value ldapsam_update_sam_account: failed to modify user with uid = cpklia, error: modify/delete: sambaPwdCanChange: no such value (Success) Failed to modify entry for user cpklia. Failed to modify password entry for user cpklia root# pdbedit -L -v cpklia ... Logon time: 0 Logoff time: Sat, 14 Dec 1901 03:45:51 GMT Kickoff time: 0 Password last set: Tue, 22 Aug 2006 00:21:47 GMT Password can change: Tue, 22 Aug 2006 00:21:47 GMT Password must change: Sat, 21 Oct 2006 00:21:47 GMT Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF root# ldapsearch uid=cpklia ... sambaPwdCanChange: 1161392946 sambaPwdMustChange: 1166576946 ... --beast