Re: Password policy messages - how can I pass back
- To: Clément OUDOT <clement.oudot@worteks.com>
- Subject: Re: Password policy messages - how can I pass back
- From: Ervin Hegedüs <airween@gmail.com>
- Date: Thu, 11 Oct 2018 09:30:21 +0200
- Cc: openldap-technical@openldap.org
- In-reply-to: <8825489d-e259-7288-0bd7-0c77a0470844@worteks.com>
- References: <20181010181610.GA17760@arxnet.hu> <8825489d-e259-7288-0bd7-0c77a0470844@worteks.com>
- User-agent: Mutt/1.5.24 (2015-08-30)
Hi Clément,
thanks for the feedback,
> > I mean:
> >
> > # /usr/bin/ldappasswd -H ldaps://dev-ldap-01 -w "secret" -D "UID="dminuser,dc=hu" -s "abcdefghijkl" "uid=airween,ou=Users,dc=hu"
> > Result: Constraint violation (19)
> >
> > There isn't any detailed information, what's the reason why the
> > policy module drops the request, but I can see that in the logfile:
> >
> > Oct 10 20:05:21 dev-ldap-01 slapd[16312]: check_password_quality: module error: (pwdCheckModule-poc.so) Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters).[1]
> > Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: conn=1742 op=1 p=3
> > Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: err=19 matched="" text="Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters)"
>
>
> With LDAP clients like ldappasswd, you need to send the ppolicy client
> control with "-e ppolicy"
right, thanks,
> > Note, that in PHP side I'm using:
> >
> > ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err);
> >
> > and $_err variable is empty.
>
>
> This should be possible in PHP 7.3, see
> https://bugs.php.net/bug.php?id=69437
:(
I've fought with the customer for an update to 7.2 to get
ldap_exop_passwd(), now I can go back to fight for PHP 7.3.
Looks like it exists for Debian 9 (non-official):
https://packages.sury.org/php/pool/main/p/php7.3/
Thanks again,
a.
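
Added example, not part of the original message: when a client reports only "Constraint violation (19)", the rejection reason can still be recovered on the server from the slapd log lines quoted above. This sketch pairs each `err=` line with the `conn=`/`op=` line logged just before it; the function name and the extra successful-result lines in the sample are constructed for illustration.

```python
import re

# Constructed sample: the three slapd lines quoted in the message, followed by
# one constructed successful result (err=0) to show that it is ignored.
SAMPLE_LOG = '''\
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: check_password_quality: module error: (pwdCheckModule-poc.so) Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters).[1]
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: conn=1742 op=1 p=3
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: err=19 matched="" text="Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters)"
Oct 10 20:06:02 dev-ldap-01 slapd[16312]: send_ldap_result: conn=1743 op=1 p=3
Oct 10 20:06:02 dev-ldap-01 slapd[16312]: send_ldap_result: err=0 matched="" text=""
'''

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$')
MODULE_ERR = re.compile(r'^check_password_quality: module error: \((?P<module>[^)]+)\) ')
CONN_OP = re.compile(r'^send_ldap_result: conn=(?P<conn>\d+) op=(?P<op>\d+)')
RESULT = re.compile(r'^send_ldap_result: err=(?P<err>\d+) matched="[^"]*" text="(?P<text>.*)"$')
CONSTRAINT_VIOLATION = 19  # the result code ldappasswd printed in the message


def policy_rejections(log_text):
    """Return one dict per err=19 result, joined with its conn/op and check module."""
    pending = {}  # slapd pid -> fields collected for the result being logged
    found = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        state = pending.setdefault(line['pid'], {})
        msg = line['msg']
        if (m := MODULE_ERR.match(msg)):
            state['module'] = m['module']
        elif (m := CONN_OP.match(msg)):
            state.update(conn=int(m['conn']), op=int(m['op']))
        elif (m := RESULT.match(msg)):
            # The err= line carries no conn/op of its own, so it is paired with
            # the lines the same slapd pid logged just before it. Assumption:
            # lines from concurrent operations are not interleaved.
            if int(m['err']) == CONSTRAINT_VIOLATION:
                found.append({'time': line['ts'], 'host': line['host'],
                              'reason': m['text'], **state})
            pending.pop(line['pid'], None)
    return found


if __name__ == '__main__':
    for hit in policy_rejections(SAMPLE_LOG):
        print(hit)
```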