Re: Password policy messages - how can I pass back
- To: Clément OUDOT <clement.oudot@worteks.com>
- Subject: Re: Password policy messages - how can I pass back
- From: Ervin Hegedüs <airween@gmail.com>
- Date: Sat, 13 Oct 2018 21:33:55 +0200
- Cc: openldap-technical@openldap.org
Hi,

On Fri, Oct 12, 2018 at 05:32:13PM +0200, Ervin Hegedüs wrote:
> Hi all,
>
> On Thu, Oct 11, 2018 at 09:12:56AM +0200, Clément OUDOT wrote:
> >
> > This should be possible in PHP 7.3, see
> > https://bugs.php.net/bug.php?id=69437
>
> could anybody help me, how can I catch the correct and accurate
> error message?
>
>     if (PHP_VERSION_ID >= 70300) {
>         $ctrl1 = array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST, 'value' => NULL, 'iscritical' => 0);
>         $src = ldap_set_option($this->ldapconn, LDAP_OPT_SERVER_CONTROLS, array($ctrl1));
>         $option = (LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING);
>     }
>     else {
>         $option = LDAP_OPT_DIAGNOSTIC_MESSAGE;
>     }
>     ldap_get_option($this->ldapconn, $option, $_err);

this is the wrong way. I've re-read the PHP docs, and I think I
have to do it this way:

    $conn = ldap_connect("ldaps://host");
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_DEBUG_LEVEL, -1);
    $ctrl = array(
        'oid' => LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
        'iscritical' => FALSE,
        'value' => NULL
    );
    ldap_set_option($conn, LDAP_OPT_SERVER_CONTROLS, array($ctrl));
    ldap_bind($conn, $serviceuser, $servicepassw);
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err);
    var_dump($_err);
    ldap_exop_passwd($conn, $userdn, "", $usernewpasswd);
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err);

But ldap_bind() returns FALSE, and $_err will be:

    "passwordPolicyRequest control value not absent"

If I leave out the 'value' key from $ctrl, ldap_bind() returns
TRUE, ldap_exop_passwd() returns FALSE, and the error is
just a simple "Constraint error"; the $_err string is empty.

I think this is a PHP bug, but if anybody has some expertise/idea
about this, just let me know.

Thanks,

a.
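
Added example, not part of the original message and not code from PHP or OpenLDAP: the password policy response control discussed in this thread carries its result as a small BER value (draft-behera-ldap-password-policy), and this sketch decodes that value into the warning and error fields. The names `ber_read_tlv`, `decode_ppolicy_response` and `PPOLICY_ERRORS` are hypothetical, and the hex inputs are constructed samples.

```php
<?php
// PasswordPolicyResponseValue ::= SEQUENCE {
//   warning [0] CHOICE { timeBeforeExpiration [0] INTEGER, graceAuthNsRemaining [1] INTEGER } OPTIONAL,
//   error   [1] ENUMERATED { passwordExpired(0) .. passwordInHistory(8) } OPTIONAL }
const PPOLICY_ERRORS = [
    'passwordExpired', 'accountLocked', 'changeAfterReset', 'passwordModNotAllowed',
    'mustSupplyOldPassword', 'insufficientPasswordQuality', 'passwordTooShort',
    'passwordTooYoung', 'passwordInHistory',
];

// Read one BER TLV at $pos and advance $pos; returns [tag, value bytes].
// Only short-form lengths are accepted: this control value is a few bytes long.
function ber_read_tlv(string $buf, int &$pos): array
{
    $end = strlen($buf);
    if ($pos + 2 > $end || (($len = ord($buf[$pos + 1])) & 0x80) || $pos + 2 + $len > $end) {
        throw new UnexpectedValueException('truncated or long-form TLV');
    }
    $tlv = [ord($buf[$pos]), substr($buf, $pos + 2, $len)];
    $pos += 2 + $len;
    return $tlv;
}

function decode_ppolicy_response(string $value): array
{
    $out = ['expire' => null, 'grace' => null, 'error' => null];
    $pos = 0;
    [$tag, $seq] = ber_read_tlv($value, $pos);
    if ($tag !== 0x30) {
        throw new UnexpectedValueException('not a SEQUENCE');
    }
    for ($p = 0; $p < strlen($seq);) {
        [$tag, $val] = ber_read_tlv($seq, $p);
        if ($tag === 0xA0) {                  // warning [0] wraps the CHOICE
            $q = 0;
            [$choice, $num] = ber_read_tlv($val, $q);
            $key = [0x80 => 'expire', 0x81 => 'grace'][$choice] ?? "warning_tag_$choice";
            $out[$key] = hexdec(bin2hex($num));   // seconds or remaining grace binds
        } elseif ($tag === 0x81) {            // error [1] ENUMERATED
            $code = hexdec(bin2hex($val));
            $out['error'] = PPOLICY_ERRORS[$code] ?? "unknown($code)";
        }
    }
    return $out;
}

// Constructed sample values (not captured from a server): error only, warning only, empty.
foreach (['3003810106', '3006a00480020258', '3000'] as $hex) {
    echo $hex, ' => ', json_encode(decode_ppolicy_response(hex2bin($hex))), "\n";
}
```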