[Date Prev][Date Next] [Chronological] [Thread] [Top]

Getting pwdCheckModule: check_password module ppErrStr --> "the client"

To: openldap-software@openldap.org
Subject: Getting pwdCheckModule: check_password module ppErrStr --> "the client"
From: Eric Berggren <ericb@montalvosystems.com>
Date: Thu, 20 Mar 2008 19:49:47 -0700 (PDT)
In-reply-to: <1100328182.1451151206067500112.JavaMail.root@usmail1>

What's the client-side trick in getting the ppErrStr string from the check_password() function (from pwdCheckModule) actually back to the client when using EXOP_MODIFY_PASSWD ? 

Seems to require use of a ppolicy control, which appears to be effectively a noop in 2.3.38 (before noticing the mention in the release notes) yet completely broken in 2.3.41 resulting in:

../../../libraries/libldap/controls.c:437: ldap_create_control: Assertion `ber != ((void *)0)' failed.

this is using ldap_create_passwordpolicy_control() as such:

    LDAPControl **ctrls = NULL;
    ....
    ldap_create_passwordpolicy_control( ld, &ctrls );

(yes, this is from client/tools/ldappasswd.c). Checking the library code, indeed, ppolicy.c:ldap_create_passwordpolicy_control() passes NULL in as *ber into controls.c:ldap_create_control() in v .41 , hitting the assert( ber != NULL ).

More reading seems to suggest this whole mechanism is deprecated and will likely go away.

So getting back.. i would like to report the "human-readable textual explanation of the [check_password] error" back to the client (per slapo-ppolicy(5)). Or is this not really implemented in v2.3 ?

thanks,
-eric

Prev by Date: AW: Compilation 2.3.39 on SunOS 5.8.
Next by Date: Re: order of rewrite context processing
Index(es):
- Chronological
- Thread