Mike Jackson
2006-Mar-04 15:04 UTC
[Fedora-directory-users] Password Policy Request/Response Control does not work
Hi, Tested with 7.1.2 and 1.0.2, same result. The Password Policy Request/Response Control does not work. I have written code to test it, as well as tested it with an OpenLDAP 2.3 client tool which supports sending the control request and decoding the control response. The control request is sent to the server, but it is not returned to the client. I enabled the password syntax checking and then tried to change the password to one which would obviously fail. Example test: ldappasswd \ -a foobar \ -s foo \ -h directory.netauth.com \ -D "uid=jacksonm,ou=users,dc=netauth,dc=com" \ -x \ -Z \ -w foobar \ -e ppolicy Result: Constraint violation (19) Additional info: Failed to update password This is only the error from the modify password operation, but nothing from the password policy response. I expected a response equivalent to the corresponsong ASN schema: "passwordTooShort". Is this a bug, or are there some secret switches to toggle to get the password policy controls working? BR, -- Mike
Richard Megginson
2006-Mar-06 20:10 UTC
Re: [Fedora-directory-users] Password Policy Request/Response Control does not work
Mike Jackson wrote:> Hi, > Tested with 7.1.2 and 1.0.2, same result. > > The Password Policy Request/Response Control does not work. I have > written code to test it, as well as tested it with an OpenLDAP 2.3 > client tool which supports sending the control request and decoding > the control response.Thanks. This is definitely a bug - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184141> > The control request is sent to the server, but it is not returned to > the client. > > I enabled the password syntax checking and then tried to change the > password to one which would obviously fail. > > Example test: > > ldappasswd \ > -a foobar \ > -s foo \ > -h directory.netauth.com \ > -D "uid=jacksonm,ou=users,dc=netauth,dc=com" \ > -x \ > -Z \ > -w foobar \ > -e ppolicy > > Result: Constraint violation (19) > Additional info: Failed to update password > > > This is only the error from the modify password operation, but > nothing from the password policy response. I expected a response > equivalent to the corresponsong ASN schema: "passwordTooShort". > > Is this a bug, or are there some secret switches to toggle to get the > password policy controls working? > > BR,