List: pamldap
Subject: Re: [pamldap] ppolicy decoding error
From: Andreas Hasenack <ahasenack () terra ! com ! br>
Date: 2006-04-25 18:57:37
Message-ID: 20060425185737.GE8039 () mandriva ! com
On Fri, Apr 21, 2006 at 03:58:05PM -0700, Howard Chu wrote:
> Andreas wrote:
> >I'm testing pam_ldap-180 with openldap-2.3.19's password policy overlay.
> >I set a user account with a policy that mandates a password change
> >using pwdReset and pwdMustChange. pam_ldap is having trouble decoding
> >this. I get:
> >
> >pam_ldap: error trying to bind as user
> >"uid=carlos,ou=Pessoas,dc=exemplo,dc=com,dc=br" (Decoding error)
> >
> >I added a debug statement to _get_password_policy_response_value() and I
> >see that the tag value is 161, and not 160 or 129 as the code expects.
> >
> >Sniffing the wire (ethereal), I get this as the "control value" in the
> >server's
> >response: 30 03 A1 01 02 00 00
>
> It looks like OpenLDAP is generating the control value incorrectly. I've
> just patched this in libldap and slapd/overlays in CVS HEAD.

Works much better now, thanks. For example:

[fulano@cc ~]$ passwd
Changing password for user fulano.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Can't contact LDAP server
Password fails quality checking policy
passwd: Permission denied
[fulano@cc ~]$

Only that error message is a bit misleading, I'll test further with
other scenarios.
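
Added example, not part of the original message and not pam_ldap or OpenLDAP code: a strict decoder for the control value discussed in this thread, showing why tag 161 (0xA1) is rejected while 129 (0x81) is accepted. The function and array names are hypothetical, the tag layout follows the PasswordPolicyResponseValue definition in the LDAP password policy draft, and the second sample is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* warning [0] CHOICE     -> context class, constructed: 0xA0 (160)
 * error   [1] ENUMERATED -> context class, primitive:   0x81 (129) */
#define TAG_SEQUENCE 0x30
#define TAG_WARNING  0xA0
#define TAG_ERROR    0x81
enum { PP_OK = 0, PP_DECODING_ERROR = -1 };

/* Hypothetical helper: strictly decode the control value and store the
 * policy error code in *err (-1 if absent). Short-form lengths only;
 * bytes after the outer SEQUENCE are ignored. */
int pp_decode_error(const unsigned char *v, size_t n, int *err)
{
    size_t pos = 2, end;
    *err = -1;
    if (n < 2 || v[0] != TAG_SEQUENCE || (v[1] & 0x80))
        return PP_DECODING_ERROR;
    end = 2 + (size_t)v[1];
    if (end > n)
        return PP_DECODING_ERROR;          /* truncated value */
    while (pos < end) {
        unsigned char tag;
        size_t len;
        if (end - pos < 2 || (v[pos + 1] & 0x80))
            return PP_DECODING_ERROR;
        tag = v[pos];
        len = v[pos + 1];
        pos += 2;
        if (len > end - pos)
            return PP_DECODING_ERROR;      /* element overruns the SEQUENCE */
        if (tag == TAG_ERROR && len == 1)
            *err = v[pos];                 /* 2 = changeAfterReset */
        else if (tag != TAG_WARNING)
            return PP_DECODING_ERROR;      /* e.g. 0xA1 (161), as in the thread */
        pos += len;
    }
    return PP_OK;
}

/* Control value as quoted in the thread. */
const unsigned char pp_as_sniffed[] = { 0x30, 0x03, 0xA1, 0x01, 0x02, 0x00, 0x00 };
/* Constructed sample: same content with the primitive [1] tag. */
const unsigned char pp_expected[] = { 0x30, 0x03, 0x81, 0x01, 0x02 };

int main(void)
{
    int e, rc = pp_decode_error(pp_as_sniffed, sizeof pp_as_sniffed, &e);
    printf("as sniffed:    rc=%d error=%d\n", rc, e);
    rc = pp_decode_error(pp_expected, sizeof pp_expected, &e);
    printf("primitive tag: rc=%d error=%d\n", rc, e);
    return 0;
}
```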