[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Getting pwdCheckModule: check_password module ppErrStr --> "the client"
- To: openldap-software@openldap.org
- Subject: Getting pwdCheckModule: check_password module ppErrStr --> "the client"
- From: Eric Berggren <ericb@montalvosystems.com>
- Date: Thu, 20 Mar 2008 19:49:47 -0700 (PDT)
- In-reply-to: <1100328182.1451151206067500112.JavaMail.root@usmail1>
What's the client-side trick in getting the ppErrStr string from the check_password() function (from pwdCheckModule) actually back to the client when using EXOP_MODIFY_PASSWD ?
Seems to require use of a ppolicy control, which appears to be effectively a noop in 2.3.38 (before noticing the mention in the release notes) yet completely broken in 2.3.41 resulting in:
../../../libraries/libldap/controls.c:437: ldap_create_control: Assertion `ber != ((void *)0)' failed.
this is using ldap_create_passwordpolicy_control() as such:
LDAPControl **ctrls = NULL;
....
ldap_create_passwordpolicy_control( ld, &ctrls );
(yes, this is from client/tools/ldappasswd.c). Checking the library code, indeed, ppolicy.c:ldap_create_passwordpolicy_control() passes NULL in as *ber into controls.c:ldap_create_control() in v .41 , hitting the assert( ber != NULL ).
More reading seems to suggest this whole mechanism is deprecated and will likely go away.
So getting back.. i would like to report the "human-readable textual explanation of the [check_password] error" back to the client (per slapo-ppolicy(5)). Or is this not really implemented in v2.3 ?
thanks,
-eric