PPolicy Control Decoding
I'm having difficulty processing the response from the password policy control returned by slapd.
Here is an extract of the log:
send_ldap_result: conn=45 op=4 p=3
send_ldap_result: err=19 matched="" text="Password is in history of old passwords"
send_ldap_response: msgid=5 tag=103 err=19
ldap_write: want=91, written=91
0000: 30 59 02 01 05 67 2e 0a 01 13 04 00 04 27 50 61  0Y...g.......'Pa
0010: 73 73 77 6f 72 64 20 69 73 20 69 6e 20 68 69 73  ssword is in his
0020: 74 6f 72 79 20 6f 66 20 6f 6c 64 20 70 61 73 73  tory of old pass
0030: 77 6f 72 64 73 a0 24 30 22 04 19 31 2e 33 2e 36  words.$0"..1.3.6
0040: 2e 31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e 38  .1.4.1.42.2.27.8
0050: 2e 35 2e 31 04 05 30 03 81 01 08                 .5.1..0....
conn=45 op=4 RESULT tag=103 err=19 text=Password is in history of old passwords
daemon: activity on 1 descriptor
Looking at:
0050: 2e 35 2e 31 04 05 30 03 81 01 08 .5.1..0....
0x81 is a Sequence representing Error from what I can see in ldap-int.h
01 length, 08 value
Think value field 08 is incorrect, it is not a type.
Should it be
81 01 02 01 08
[TYPE = Sequence, LENGTH = 1, VALUE [ TYPE = Integer, LENGTH = 1, VALUE = 8 ]]
PasswordPolicyResponseValue ::= SEQUENCE {
    warning [0] CHOICE OPTIONAL {
        timeBeforeExpiration [0] INTEGER (0 .. maxInt),
        graceLoginsRemaining [1] INTEGER (0 .. maxInt)
    }
    error [1] ENUMERATED OPTIONAL {
        passwordExpired (0),
        accountLocked (1),
        changeAfterReset (2),
        passwordModNotAllowed (3),
        mustSupplyOldPassword (4),
        invalidPasswordSyntax (5),
        passwordTooShort (6),
        passwordTooYoung (7),
        passwordInHistory (8)
    }
}
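
Added example, not part of the original post: a small BER walker in Python that parses the 91 bytes from the ldap_write dump above, splits identifier octets into class, form and tag number, and maps the control's error value onto the names in the quoted ASN.1. The function names (tlvs, describe_tag, ppolicy_error) are hypothetical, and the parser assumes single-byte tags and definite lengths, which is all this message uses.

```python
DUMP = bytes.fromhex(  # copied from the ldap_write dump in the post, two rows per string
    "3059020105672e0a01130400042750617373776f726420697320696e20686973"
    "746f7279206f66206f6c642070617373776f726473a02430220419312e332e36"
    "2e312e342e312e34322e322e32372e382e352e3104053003810108"
)
PPOLICY_OID = b"1.3.6.1.4.1.42.2.27.8.5.1"  # control OID as it appears in the dump
ERRORS = ("passwordExpired", "accountLocked", "changeAfterReset",  # from the quoted ASN.1
          "passwordModNotAllowed", "mustSupplyOldPassword", "invalidPasswordSyntax",
          "passwordTooShort", "passwordTooYoung", "passwordInHistory")

def tlvs(buf):
    """Yield (tag, value) per BER element; single-byte tags, definite lengths only."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the count of length octets
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated element")
        yield tag, buf[i:i + length]
        i += length

def describe_tag(tag):  # identifier octet: 2 class bits, 1 form bit, 5 tag-number bits
    cls = ("universal", "application", "context", "private")[tag >> 6]
    return f"{cls} {'constructed' if tag & 0x20 else 'primitive'} [{tag & 0x1F}]"

def ppolicy_error(msg):
    """Return the error name from the ppolicy response control, or None if absent."""
    (_, body), = tlvs(msg)                      # outer LDAPMessage SEQUENCE
    for tag, controls in tlvs(body):
        if tag != 0xA0:                         # skip messageID and protocolOp
            continue
        for _, ctrl in tlvs(controls):
            fields = list(tlvs(ctrl))
            if fields[0][1] != PPOLICY_OID or len(fields) < 2:
                continue
            (_, seq), = tlvs(fields[-1][1])     # controlValue OCTET STRING wraps a SEQUENCE
            for t, v in tlvs(seq):
                if t == 0x81:                   # context tag [1], contents are the value itself
                    return ERRORS[int.from_bytes(v, "big")]
    return None

if __name__ == "__main__":
    print(describe_tag(0x81), "->", ppolicy_error(DUMP))
```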