
Re: Password policy messages - how can I pass back



Hi,

On Fri, Oct 12, 2018 at 05:32:13PM +0200, Ervin Hegedüs wrote:
> Hi all,
> 
> On Thu, Oct 11, 2018 at 09:12:56AM +0200, Clément OUDOT wrote:
> > 
> > This should be possible in PHP 7.3, see
> > https://bugs.php.net/bug.php?id=69437
> 
> could anybody help me: how can I catch the correct and accurate
> error message?
> 
> if (PHP_VERSION_ID >= 70300) {
>     $ctrl1 = array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST, 'value' => NULL, 'iscritical' => 0);
>     $src = ldap_set_option($this->ldapconn, LDAP_OPT_SERVER_CONTROLS, array($ctrl1));
>     $option = (LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING); 
> }
> else {
>     $option = LDAP_OPT_DIAGNOSTIC_MESSAGE;
> }
> ldap_get_option($this->ldapconn, $option, $_err);

This is the wrong way. I've re-read the PHP docs, and I think I
have to do it this way:


$conn = ldap_connect("ldaps://host");

ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_DEBUG_LEVEL, -1);

$ctrl = array(
    'oid' => LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
    'iscritical' => FALSE,
    'value' => NULL
);

ldap_set_option($conn, LDAP_OPT_SERVER_CONTROLS, array($ctrl));

ldap_bind($conn, $serviceuser, $servicepassw);

ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err);
var_dump($_err);

ldap_exop_passwd($conn, $userdn, "", $usernewpasswd);

ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err);

But ldap_bind() returns FALSE, and $_err is:

"passwordPolicyRequest control value not absent"


If I leave the 'value' key out of $ctrl, ldap_bind() returns
TRUE, ldap_exop_passwd() returns FALSE, and the error is
just a simple "Constraint error"; the $_err string is empty.



I think this is a PHP bug, but if anybody has some expertise or an idea
about this, just let me know.


Thanks,

a.
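
Added example, not part of the original message and not code from PHP's LDAP extension: the detail behind a generic constraint error travels in the password policy response control, whose value is a BER-encoded PasswordPolicyResponseValue (draft-behera-ldap-password-policy). The function names and the sample byte strings below are constructed for illustration.

```php
<?php
// Decoder for the BER value of a password policy response control
// (PasswordPolicyResponseValue, draft-behera-ldap-password-policy).
const PPOLICY_ERRORS = [
    0 => 'passwordExpired', 1 => 'accountLocked', 2 => 'changeAfterReset',
    3 => 'passwordModNotAllowed', 4 => 'mustSupplyOldPassword',
    5 => 'insufficientPasswordQuality', 6 => 'passwordTooShort',
    7 => 'passwordTooYoung', 8 => 'passwordInHistory',
];
// Read one BER TLV starting at $pos; returns [tag, content, next position].
function ber_tlv(string $buf, int $pos): array {
    if ($pos + 2 > strlen($buf)) throw new InvalidArgumentException('truncated TLV');
    $tag = ord($buf[$pos]);
    $len = ord($buf[$pos + 1]);
    $pos += 2;
    if ($len & 0x80) {                    // long form: low 7 bits count the length octets
        $n = $len & 0x7f;
        if ($n < 1 || $n > 3 || $pos + $n > strlen($buf)) throw new InvalidArgumentException('bad length');
        for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($buf[$pos++]);
    }
    if ($pos + $len > strlen($buf)) throw new InvalidArgumentException('content past end');
    return [$tag, substr($buf, $pos, $len), $pos + $len];
}
// Big-endian unsigned integer (the draft restricts these fields to 0..maxInt).
function ber_uint(string $s): int {
    for ($v = 0, $i = 0; $i < strlen($s); $i++) $v = ($v << 8) | ord($s[$i]);
    return $v;
}
// Returns expire (seconds), grace (binds left) and error (name); null when absent.
function decode_ppolicy_response(string $value): array {
    [$tag, $seq] = ber_tlv($value, 0);
    if ($tag !== 0x30) throw new InvalidArgumentException('expected SEQUENCE');
    $out = ['expire' => null, 'grace' => null, 'error' => null];
    for ($pos = 0; $pos < strlen($seq);) {
        [$tag, $body, $pos] = ber_tlv($seq, $pos);
        if ($tag === 0xA0) {              // warning [0], wraps a CHOICE
            [$choice, $int] = ber_tlv($body, 0);
            if ($choice === 0x80) $out['expire'] = ber_uint($int);     // timeBeforeExpiration
            elseif ($choice === 0x81) $out['grace'] = ber_uint($int);  // graceAuthNsRemaining
        } elseif ($tag === 0x81) {        // error [1] ENUMERATED
            $code = ber_uint($body);
            $out['error'] = PPOLICY_ERRORS[$code] ?? "unknown($code)";
        }
    }
    return $out;
}
// Constructed sample values: an error-only response and an expiry warning.
var_dump(decode_ppolicy_response("\x30\x03\x81\x01\x05"));
var_dump(decode_ppolicy_response("\x30\x06\xA0\x04\x80\x02\x02\x58"));
```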