Reset Password via LDAP does not set samba password


I would like to set user passwords from another application that is connected via LDAP. Specifically I’m talking about Keycloak.

I already have Keycloak configured to use UCS as an LDAP Storage provider, and with the following change I have password resets working to some extent:

# Set the default password hashing to CRYPT method $6 (SHA-512) salt length 16
# which will be used with LDAPv3 Password Modify Extended Operation 
password-hash {CRYPT}
password-crypt-salt-format "$6$%.16s"

PROBLEM: The problem I have is that samba passwords are not being set. Is this normal ? I thought that UCS had rules to map passwords from ldap to samba. Does it not work this way ?