
(ITS#4596) Password policy control cannot be critical



Full_Name: Tony Murphy
Version: 2.3.20
OS: Centos 4.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.118.203.3)


http://www.openldap.org/lists/openldap-software/200606/msg00220.html

> My custom client provides request controls, setting the password 
> policy control to be critical, i.e. must be supported by the server. 
> However, setting password policy control to be critical is not allowed
> by current versions of OpenLDAP.
>   
>
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> => get_ctrls
> ber_scanf fmt ({m) ber:
> ber_scanf fmt (b) ber:
> => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (critical) <= get_ctrls: 
> n=1 rc=2 err="passwordPolicyRequest control invalid criticality"
> send_ldap_result: conn=2 op=0 p=3
> send_ldap_response: msgid=1 tag=97 err=2
> ber_flush: 63 bytes to sd 14
> do_bind: get_ctrls failed
> connection_get(14): got connid=2
> connection_read(14): checking for input on id=2 ber_get_next TLS 
> trace: SSL3 alert read:warning:close notify
>

There's been a change in the draft; earlier versions didn't allow this control
to be Critical. The current code rejects requests with the control marked
critical, which is the error message you're seeing below. 
The current draft allows the control to be marked critical, so I guess we need
to remove this error check.
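
The rejection in the log above, modelled as an added example (not code from OpenLDAP or from this report): it decodes a BER-encoded Control and applies the criticality check under the earlier and the current draft behaviour. The names `tlv`, `check_ppolicy_control` and the `allow_critical` switch are hypothetical, the sample controls are constructed, and only short-form BER lengths are handled.

```c
#include <stdio.h>
#include <string.h>

#define PPOLICY_REQ_OID "1.3.6.1.4.1.42.2.27.8.5.1" /* OID from the log above */
#define RC_PROTOCOL_ERROR 2                         /* err=2 in the log (protocolError) */
/* Constructed samples: SEQUENCE { OCTET STRING controlType [, BOOLEAN TRUE] } */
static const unsigned char CRIT[]    = "\x30\x1e\x04\x19" PPOLICY_REQ_OID "\x01\x01\xff";
static const unsigned char NONCRIT[] = "\x30\x1b\x04\x19" PPOLICY_REQ_OID;

/* Read one short-form BER TLV with the expected tag; NULL on malformed input. */
static const unsigned char *tlv(const unsigned char **p, const unsigned char *end,
                                unsigned char tag, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80)) return NULL;
    *len = (*p)[1];
    if ((size_t)(end - *p - 2) < *len) return NULL; /* value runs past the buffer */
    *p += 2 + *len;
    return *p - *len;
}

/* allow_critical (hypothetical switch): 0 = earlier draft, 1 = current draft. */
int check_ppolicy_control(const unsigned char *buf, size_t n, int allow_critical,
                          const char **err)
{
    const unsigned char *p = buf, *end = buf + n, *seq, *oid, *b;
    size_t slen, olen, blen;
    int critical = 0; /* criticality BOOLEAN DEFAULT FALSE */
    *err = "control decoding error";
    if (!(seq = tlv(&p, end, 0x30, &slen)) || p != end) return RC_PROTOCOL_ERROR;
    p = seq;
    if (!(oid = tlv(&p, end, 0x04, &olen))) return RC_PROTOCOL_ERROR;
    if (p < end && *p == 0x01) { /* criticality is present */
        if (!(b = tlv(&p, end, 0x01, &blen)) || blen != 1) return RC_PROTOCOL_ERROR;
        critical = (b[0] != 0);
    }
    *err = "";
    if (olen != strlen(PPOLICY_REQ_OID) || memcmp(oid, PPOLICY_REQ_OID, olen) != 0) return 0;
    if (critical && !allow_critical) { /* the check the reply proposes removing */
        *err = "passwordPolicyRequest control invalid criticality";
        return RC_PROTOCOL_ERROR;
    }
    return 0;
}

int main(void)
{
    const char *err;
    int rc = check_ppolicy_control(CRIT, sizeof CRIT - 1, 0, &err);
    printf("earlier draft, critical control: rc=%d err=\"%s\"\n", rc, err);
    return 0;
}
```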