ando@sys-net.it wrote:
Guillaume.Rousse@inria.fr wrote:
When Password Modify ExOp fails, due to ppolicy restrictions, it doesn't return any ppolicy control.
Right: the control is created and attached to SlapReply, but the callback is slap_cb_null(), and the control is removed from SlapReply and destroyed before ppolicy_modify() returns. This is because extended ops do not directly send response, but rather delegate it to the frontend. I don't see an easy solution, other than taking response into the exop handlers.
An alternative approach would be to use a specific callback response other that slap_cb_null() within passwd_extop() that duplicates and brings back any controls set within the internal modify, so that they can be placed in the SlapReply that is bassed back to send_ldap_extended().
Or, sr_ctrls could become "MUSTBEFREED" much like other SlapReply fields...
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------