
PPolicy Control Decoding



I'm having difficulty processing the response from the password policy control returned by slapd.

Here is an extract of the log:

send_ldap_result: conn=45 op=4 p=3
send_ldap_result: err=19 matched="" text="Password is in history of old passwords"
send_ldap_response: msgid=5 tag=103 err=19
ldap_write: want=91, written=91
  0000:  30 59 02 01 05 67 2e 0a  01 13 04 00 04 27 50 61   0Y...g.......'Pa
  0010:  73 73 77 6f 72 64 20 69  73 20 69 6e 20 68 69 73   ssword is in his
  0020:  74 6f 72 79 20 6f 66 20  6f 6c 64 20 70 61 73 73   tory of old pass
  0030:  77 6f 72 64 73 a0 24 30  22 04 19 31 2e 33 2e 36   words.$0"..1.3.6
  0040:  2e 31 2e 34 2e 31 2e 34  32 2e 32 2e 32 37 2e 38   .1.4.1.42.2.27.8
  0050:  2e 35 2e 31 04 05 30 03  81 01 08                  .5.1..0....
conn=45 op=4 RESULT tag=103 err=19 text=Password is in history of old passwords
daemon: activity on 1 descriptor

Looking at:
  0050:  2e 35 2e 31 04 05 30 03  81 01 08                  .5.1..0....
0x81 is a Sequence representing Error from what I can see in ldap-int.h
01 length, 08 value

Think value field 08 is incorrect, it is not a type.
Should it be
81 01 02 01 08
[TYPE = Sequence, LENGTH = 1, VALUE [ TYPE = Integer, LENGTH = 1, VALUE = 8 ]]

PasswordPolicyResponseValue ::= SEQUENCE {
   warning [0] CHOICE OPTIONAL {
     timeBeforeExpiration [0] INTEGER (0 .. maxInt),
     graceLoginsRemaining [1] INTEGER (0 .. maxInt)
   }

   error [1] ENUMERATED OPTIONAL {
      passwordExpired       (0),
      accountLocked         (1),
      changeAfterReset      (2),
      passwordModNotAllowed (3),
      mustSupplyOldPassword (4),
      invalidPasswordSyntax (5),
      passwordTooShort      (6),
      passwordTooYoung      (7),
      passwordInHistory     (8)
    }
}
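
For reference, a minimal BER decoder in C for the control value `30 03 81 01 08` from the dump above. This is an added example, not part of the original post and not OpenLDAP code; `ppolicy_decode` and `struct ppolicy` are hypothetical names. It assumes LDAP's implicit tagging (so `0x81` is the primitive context tag `[1]` carrying the ENUMERATED content directly, while `0xA0` is the constructed `[0]` wrapping the `warning` CHOICE) and short-form lengths only.

```c
#include <stddef.h>

/* Decoded PasswordPolicyResponseValue; -1 means the field was absent. */
struct ppolicy { int warn_kind; long warn_val; int error; };

/* Read one short-form BER header at *p; return content length, -1 if bad. */
static int tlv(const unsigned char **p, const unsigned char *end, unsigned char *tag)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1; /* long form not handled */
    *tag = (*p)[0];
    int len = (*p)[1];
    *p += 2;
    return (end - *p < len) ? -1 : len;   /* content must fit in the buffer */
}

/* Content octets (1..4, non-negative per the ASN.1 ranges) to a long. */
static long be_int(const unsigned char *p, int len)
{
    unsigned long v = 0;
    while (len-- > 0) v = (v << 8) | *p++;
    return (long)v;
}

/* Hypothetical helper, not an OpenLDAP API: 0 on success, -1 if malformed. */
int ppolicy_decode(const unsigned char *buf, size_t n, struct ppolicy *out)
{
    const unsigned char *p = buf, *end = buf + n, *q;
    unsigned char tag, inner;
    int len, ilen;

    out->warn_kind = out->error = -1;
    out->warn_val = 0;
    if ((len = tlv(&p, end, &tag)) < 0 || tag != 0x30) return -1; /* SEQUENCE */
    for (end = p + len; p < end; p += len) {
        if ((len = tlv(&p, end, &tag)) < 1) return -1;
        if (tag == 0xA0) {                 /* [0] constructed, wraps the CHOICE */
            q = p;
            ilen = tlv(&q, p + len, &inner);
            if (ilen < 1 || ilen > 4 || (inner & 0xFE) != 0x80) return -1;
            out->warn_kind = inner & 1;    /* 0 = timeBeforeExpiration, 1 = grace */
            out->warn_val = be_int(q, ilen);
        } else if (tag == 0x81 && len <= 4) { /* [1] primitive ENUMERATED */
            out->error = (int)be_int(p, len);
        } else return -1;                  /* unknown tag or oversized value */
    }
    return 0;
}
```

Called on the five bytes from the log, it sets `error` to 8, which is `passwordInHistory` in the enumeration above and matches the `err=19` text.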