[Date Prev][Date Next] [Chronological] [Thread] [Top]

Getting pwdCheckModule: check_password module ppErrStr --> "the client"



What's the client-side trick in getting the ppErrStr string from the check_password() function (from pwdCheckModule) actually back to the client when using EXOP_MODIFY_PASSWD ? 

Seems to require use of a ppolicy control, which appears to be effectively a noop in 2.3.38 (before noticing the mention in the release notes) yet completely broken in 2.3.41 resulting in:

../../../libraries/libldap/controls.c:437: ldap_create_control: Assertion `ber != ((void *)0)' failed.

this is using ldap_create_passwordpolicy_control() as such:

    LDAPControl **ctrls = NULL;
    ....
    ldap_create_passwordpolicy_control( ld, &ctrls );

(yes, this is from client/tools/ldappasswd.c). Checking the library code, indeed, ppolicy.c:ldap_create_passwordpolicy_control() passes NULL in as *ber into controls.c:ldap_create_control() in v .41 , hitting the assert( ber != NULL ).

More reading seems to suggest this whole mechanism is deprecated and will likely go away.

So getting back.. i would like to report the "human-readable textual explanation of the [check_password] error" back to the client (per slapo-ppolicy(5)). Or is this not really implemented in v2.3 ?

thanks,
-eric