Index: modules/univention/connector/ad/__init__.py
===================================================================
--- modules/univention/connector/ad/__init__.py	(Revision 69248)
+++ modules/univention/connector/ad/__init__.py	(Arbeitskopie)
@@ -845,13 +845,18 @@
 		binding= "ncacn_np:%s[%s]" % (self.ad_ldap_host, binding_options)
 
 		self.samr = samba.dcerpc.samr.samr(binding, lp, creds)
-		handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+		self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
 
 		sam_domain = lsa.String()
 		sam_domain.string = self.ad_netbios_domainname
-		sid = self.samr.LookupDomain(handle, sam_domain)
+		sid = self.samr.LookupDomain(self.samr_handle, sam_domain)
 		self.dom_handle = self.samr.OpenDomain(handle, security.SEC_FLAG_MAXIMUM_ALLOWED, sid)
 
+	def close_samr(self):
+		self.samr.Close(self.dom_handle)
+		self.samr.Close(self.samr_handle)
+		self.samr = None
+
 	def get_kerberos_ticket(self):
 		cmd_block = ['kinit', '--no-addresses', '--password-file=%s' % self.baseConfig['%s/ad/ldap/bindpw' % self.CONFIGBASENAME], self.baseConfig['%s/ad/ldap/binddn' % self.CONFIGBASENAME]]
 		p1 = subprocess.Popen(cmd_block, close_fds=True)
Index: modules/univention/connector/ad/password.py
===================================================================
--- modules/univention/connector/ad/password.py	(Revision 69248)
+++ modules/univention/connector/ad/password.py	(Arbeitskopie)
@@ -131,24 +131,30 @@
 	if not connector.samr:
 		connector.open_samr()
 
-	sam_accountname = lsa.String()
-	sam_accountname.string = samaccountname
-	(rids, types) = connector.samr.LookupNames(connector.dom_handle, [sam_accountname,])
+	user_handle = None
+	try:
+		sam_accountname = lsa.String()
+		sam_accountname.string = samaccountname
+		(rids, types) = connector.samr.LookupNames(connector.dom_handle, [sam_accountname,])
 
-	rid=rids.ids[0]
-	user_handle = connector.samr.OpenUser(connector.dom_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, rid)
+		rid=rids.ids[0]
+		user_handle = connector.samr.OpenUser(connector.dom_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, rid)
 
-	userinfo18 = samba.dcerpc.samr.UserInfo18()
-	bin_hash = binascii.a2b_hex(pwd)
-	enc_hash = mySamEncryptNTLMHash(bin_hash, connector.samr.session_key)
+		userinfo18 = samba.dcerpc.samr.UserInfo18()
+		bin_hash = binascii.a2b_hex(pwd)
+		enc_hash = mySamEncryptNTLMHash(bin_hash, connector.samr.session_key)
 
-	samr_Password = samba.dcerpc.samr.Password()
-	samr_Password.hash = map(ord, enc_hash)
+		samr_Password = samba.dcerpc.samr.Password()
+		samr_Password.hash = map(ord, enc_hash)
 
-	userinfo18.nt_pwd = samr_Password
-	userinfo18.nt_pwd_active = 1
-	userinfo18.password_expired = 0
-	info = connector.samr.SetUserInfo(user_handle, 18, userinfo18)
+		userinfo18.nt_pwd = samr_Password
+		userinfo18.nt_pwd_active = 1
+		userinfo18.password_expired = 0
+		info = connector.samr.SetUserInfo(user_handle, 18, userinfo18)
+	finally:
+		if user_handle:
+			connector.samr.Close(user_handle)
+		connector.close_samr()
 
 	return info