[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4244) SLAPI_ADD_RESCONTROL in prebind plugin not being sent

Full_Name: Darin Broady
Version: 2.3.12
OS: Solaris 9
Submission from: (NULL) (

I have written a SLAPI prebind plugin that checks for account expiration to
allow Solaris 8 & 9 clients to determine if a password is expired or expiring
(uses controls 2.16.840.1.113730.3.4.4 and 2.16.840.1.113730.3.4.5).  All the
plugin does it check for the condition and add the resulting control to the
pblock via the slapi_pblock_set(pblock, SLAPI_ADD_RESCONTROL, &pwdcontrol), and
then return SLAPI_BIND_SUCCESS to allow the backend bind functions to proceed
and actually verify the password.

What is happening this that after I add my control to the pblock, it is not
being sent back to the client when the backend bind function executes

I have included a simplified version of my plugin that demonstrates the problem.
 I have looked at the documentation for slapi with Netscape Directory Server,
and I think that I'm following the procedure correctly.  However, it may differ
with OpenLDAP in a way that I'm not familiar with yet.  If someone could help me
determine if my code is wrong or if it is a bug in the SLAPI code of OL I would
be greatful.


The prebind code for my plugin is the following (simplified version):
#include <slapi-plugin.h>

#define CONTROL_PWDEXPIRED_OID  "2.16.840.1.113730.3.4.4"
#define CONTROL_PWDEXPIRING_OID "2.16.840.1.113730.3.4.5"

Slapi_PluginDesc prebindDesc = { "prebind", "prebind", "1.0", "prebind" };

static int prebindFunc(Slapi_PBlock *pb) {
   LDAPControl pwdcontrol;
   pwdcontrol.ldctl_oid = CONTROL_PWD_EXPIRED_OID;
   pwdcontrol.ldctl_value.bv_val = NULL;
   pwdcontrol.ldctl_value.bv_len = 0;

   slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, &pwdcontrol);

int prebind_init(Slapi_PBlock *pb) {
   int rc = 0;
   rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
   rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)prebindDesc);
   rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_BIND_FN, (void *)prebindFunc);


   return LDAP_SUCCESS;

/**************************** END OF CODE *******************************/

Darin Broady