
Re: Password policy messages - how can I pass back




On 10/10/2018 at 20:16, Ervin Hegedüs wrote:
> Hi there,

Hello,


>
>
>
> I mean:
>
> # /usr/bin/ldappasswd -H ldaps://dev-ldap-01 -w "secret" -D "UID="dminuser,dc=hu" -s "abcdefghijkl" "uid=airween,ou=Users,dc=hu" 
> Result: Constraint violation (19)
>
> There isn't any detailed information, what's the reason why the
> policy module drops the request, but I can see that in the logfile:
>
> Oct 10 20:05:21 dev-ldap-01 slapd[16312]: check_password_quality: module error: (pwdCheckModule-poc.so) Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters).[1]
> Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: conn=1742 op=1 p=3
> Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: err=19 matched="" text="Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters)"


With LDAP clients like ldappasswd, you need to send the ppolicy client
control with "-e ppolicy".

> Note, that in PHP side I'm using:
>
> ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err);
>
> and $_err variable is empty.


This should be possible in PHP 7.3, see
https://bugs.php.net/bug.php?id=69437



-- 
Clément Oudot | Identity Solutions Manager

clement.oudot@worteks.com

Worteks | https://www.worteks.com