AW: password-policy configuration problems: cannot change passwords



Hi,

Thank you for your reply.
I looked in the OpenLDAP directory using Apache Directory Studio.
...and there is just one userPassword entry per Node/User.

Are there maybe 2 temporal passwords, when executing the ldappasswd command?
There are no errors when executing an LDAP modify request...

Best regards,
Marco Weber

________________________________________
From: Buchan Milne [bgmilne@staff.telkomsa.net]
Sent: Friday, 23 December 2011 10:27
To: Chris Jacobs
Cc: 'openldap-technical@openldap.org'; Marco Weber
Subject: Re: password-policy configuration problems: cannot change passwords

On Friday, 23 December 2011 09:59:00 Chris Jacobs wrote:
> If that's true, would there be anyway to change the error text? Perhaps
> "Password policy overlay only allows one password value in dn - more than
> one found". If there's a clear reason for an error, I think the added text
> would be valuable to an administrator.

Sure:

$ grep -r 'Password policy only allows one password value' openldap-2.4.28
openldap-2.4.28/servers/slapd/overlays/ppolicy.c: send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, "Password policy only allows one password value" );
openldap-2.4.28/servers/slapd/overlays/ppolicy.c: rs->sr_text = "Password policy only allows one password value";

Note that there are two cases that have the same error text:
1) Multiple values for userPassword exist in the entry in the directory
2) An add is being performed with two values for userPassword in the entry
   being added

However, for English speakers who are marginally familiar with OpenLDAP,
surely the existing error message is enough to point the user to look at:
- the LDIF they are adding
- the entry they are modifying
?

Maybe the issue is that error messages need to be internationalised and
localised (but, how do you determine the locale to use when providing error
messages over the wire?).

Regards,
Buchan
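
Both cases listed above come down to an entry that carries more than one userPassword value. The following Python script is an added example, not part of the original thread and not OpenLDAP code: it scans LDIF content records (for instance an export of the directory, or the LDIF about to be added) and reports such entries. The function names, DNs and hash strings are constructed for illustration, and changetype records are not handled.

```python
import base64

def unfold(ldif_text):
    # RFC 2849: a line that starts with a single space continues the previous line.
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def multi_password_entries(ldif_text):
    """Return {dn: n} for each content record holding n > 1 userPassword values."""
    offenders, dn, count = {}, None, 0
    for line in unfold(ldif_text) + [""]:      # trailing "" flushes the last record
        if not line.strip():                   # a blank line ends a record
            if dn is not None and count > 1:
                offenders[dn] = count
            dn, count = None, 0
            continue
        if line.startswith("#"):               # LDIF comment
            continue
        attr, _, value = line.partition(":")
        is_b64 = value.startswith(":")         # "attr:: <base64>" form
        value = value[1:].strip() if is_b64 else value.strip()
        name = attr.split(";")[0].lower()      # drop attribute options, ignore case
        if name == "dn":
            dn = base64.b64decode(value).decode("utf-8") if is_b64 else value
        elif name == "userpassword":
            count += 1                         # only counted, never decoded or printed
    return offenders

# Constructed sample (not from the thread), trimmed to the relevant attributes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
userPassword: {SSHA}constructedPlaceholderHashAAAA
userPassword:: e1NTSEF9Y29uc3RydWN0ZWRQbGFjZWhvbGRlckhhc2hCQkJC

dn: uid=bob,ou=people,dc=example,
 dc=com
objectClass: inetOrgPerson
userPassword: {SSHA}constructedPlaceholderHashCCCC
"""

if __name__ == "__main__":
    for entry_dn, n in multi_password_entries(SAMPLE_LDIF).items():
        print(f"{entry_dn}: {n} userPassword values")
```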