Re: (ITS#8293) ldappasswd error text

[hyc@symas.com]

samueldarwin@yahoo.com wrote:
> Full_Name: Sam Darwin
> Version: openldap-2.4.31
> OS: Ubuntu 14.04
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.169.106.169)
>
>
> Showing informative error messages is very important, especially with complex
> software.    In this case, the error was misleading, so maybe it can be
> updated.
>
> $ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e
> ppolicy
> Enter LDAP Password:
> Result: Constraint violation (19)
> Additional info: Password fails quality checking policy
> control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY=
> ppolicy: error=6 (Password is too short for policy)
>
> It looks like the password is too short, right?
>
> Actually, the problem is completely different, which I discovered after some
> time.
>
> -S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that
> command.
>
> So, the real error was either that no password at all had been provided, or no
> user had been provided, or both.  It had not even requested a new password.
> The new password was not too short, it was non-existent, which is something else
> entirely.
>
> So, my request is to make the error reporting more sophisticated here, and any
> place else that is analogous to this case.  make the answer a bit more obvious.

Your report is invalid. The ldappasswd(1) manpage clearly states that if you 
don't provide a new password, the server will be asked to generate one. In 
this particular case, the password the server generated was too short for your 
policy.

The manpage also states clearly that if you don't specify [user] DN, it will 
change the password of the user that bound to the server.

The error message was correct.

Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/