[Date Prev][Date Next] [Chronological] [Thread] [Top]

IBM pwdPolicy support

Has anyone had experience using OpenLDAP as a client against and IBM Directory Server 5.1, and successfully gathering pwdPolicy information from a bind?


The problem is that after I bind and call ldap_result(), and then attempt to parse the result using ldap_parse_result, ldap_parse_result() returns 84 (as well as places 84 in the errcode, and "Decoding Error" in errmsg)


The code (pulled from an IBM example file) is essentially this:


rc = ldap_sasl_bind(ld, binddn, LDAP_SASL_SIMPLE,

&ber, pwdPolicyControl, NULL,



if (rc == LDAP_SUCCESS) {

     error = ldap_result( ld, msgID, 1, (struct timeval *) NULL, &res );


     rc = ldap_parse_result( ld, res, &errcode, NULL, &errmsg,

                             NULL, &returnedControls, 1 );



Now, this only happens when the bind is not failing with an error.

If there is an error (like the account is locked out) then ldap_parse_result() returns success, and I have the pwdPolicyControl in returned controls. That is it works if the account is locked or the password must be reset.


Anyone have any thoughts on this?