samueldarwin@yahoo.com wrote:

Full_Name: Sam Darwin Version: openldap-2.4.31 OS: Ubuntu 14.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.169.106.169)

Showing informative error messages is very important, especially with complex software. In this case, the error was misleading, so maybe it can be updated.

$ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e ppolicy Enter LDAP Password: Result: Constraint violation (19) Additional info: Password fails quality checking policy control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY= ppolicy: error=6 (Password is too short for policy)

It looks like the password is too short, right?

Actually, the problem is completely different, which I discovered after some time.

-S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that command.

So, the real error was either that no password at all had been provided, or no user had been provided, or both. It had not even requested a new password. The new password was not too short, it was non-existent, which is something else entirely.

So, my request is to make the error reporting more sophisticated here, and any place else that is analogous to this case. make the answer a bit more obvious.

Your report is invalid. The ldappasswd(1) manpage clearly states that if you don't provide a new password, the server will be asked to generate one. In this particular case, the password the server generated was too short for your policy.

The manpage also states clearly that if you don't specify [user] DN, it will change the password of the user that bound to the server.

The error message was correct.

Closing this ITS.