
Re: [ldapext] RFC 3062 section 2.1 and section 3



At 11:01 PM 3/31/2005, Vithalprasad Gaitonde wrote:
>Kurt,
>This section says:
>A Password Modify request is an ExtendedRequest with the requestName
>field containing passwdModifyOID OID and optionally provides a
>requestValue field.
>The rfc does not specify what is the expected server behaviour when the extension contains only the passwdModifyOID and no value.

If no control value is present, then no PasswdModifyRequestValue
is present, and hence, none of its fields are present.

>My guess is that this will cause the server to generate a password for the identity which is currently bound on the connection on which the request was received and hence the server is required to return the generated password in the extended response.

Well, more precisely, the message requests the server generate
a password for the current user.  The server is not required to
do so, it may return an error if it's unwilling or unable to provide
the requested service.

>Also in section 2, the rfc says:
>   If oldPasswd is present and the provided value cannot be verified or
>   is incorrect, the server SHALL NOT change the user password. 
> 
>In this case, what is the LDAP error that the server should send back to the client?

The specification prescribes an appropriate resultCode.
If the server is busy, then returning busy might be
appropriate.  But if the password is invalid,
then invalidCredentials would be appropriate.

> 
>Prasad
>_______________________________________________
>Ldapext mailing list
>Ldapext@ietf.org
>https://www1.ietf.org/mailman/listinfo/ldapext
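
The server-side cases discussed in this thread (absent requestValue, unverifiable oldPasswd, a server that declines to generate), shown as an added Python example that is not part of the original messages or of RFC 3062. The function names, the in-memory `store` dict and the self-service-only policy are assumptions made for illustration; the context tags [0], [1], [2] and the resultCode numbers are the standard ones.

```python
import hmac
import secrets

SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53  # LDAP resultCodes
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}  # [0] [1] [2]

def _read_tlv(buf, pos):  # one definite-length BER TLV -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_request_value(request_value):
    """Decode PasswdModifyRequestValue; None means requestValue was absent."""
    if request_value is None:
        return {}  # no value, hence none of its fields
    tag, body, end = _read_tlv(request_value, 0)
    if tag != 0x30 or end != len(request_value):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos, last = {}, 0, -1
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag not in FIELDS or tag <= last:
            raise ValueError("unknown, repeated or out-of-order field")
        fields[FIELDS[tag]], last = value, tag
    return fields

def handle_passwd_modify(store, bound_dn, request_value, allow_generate=True):
    """Return (resultCode, genPasswd or None); store maps DN -> password bytes."""
    req = decode_request_value(request_value)
    target = req.get("userIdentity", bound_dn.encode()).decode()
    if target != bound_dn or target not in store:
        return UNWILLING_TO_PERFORM, None  # constructed policy: self-service only
    if "oldPasswd" in req and not hmac.compare_digest(req["oldPasswd"], store[target]):
        return INVALID_CREDENTIALS, None  # password left unchanged
    if "newPasswd" not in req and not allow_generate:
        return UNWILLING_TO_PERFORM, None  # server declines to generate
    generated = None if "newPasswd" in req else secrets.token_urlsafe(16).encode()
    store[target] = req.get("newPasswd", generated)
    return SUCCESS, generated
```

A malformed requestValue raises `ValueError` here; a real server would map that to a protocolError result rather than let it propagate.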

