What's the client-side trick in getting the ppErrStr string from the check_password() function (from pwdCheckModule) actually back to the client when using EXOP_MODIFY_PASSWD ?
Seems to require use of a ppolicy control, which appears to be effectively a noop in 2.3.38 (before noticing the mention in the release notes) yet completely broken in 2.3.41 resulting in:
../../../libraries/libldap/controls.c:437: ldap_create_control: Assertion `ber != ((void *)0)' failed.
this is using ldap_create_passwordpolicy_control() as such:
LDAPControl **ctrls = NULL; .... ldap_create_passwordpolicy_control( ld, &ctrls );
(yes, this is from client/tools/ldappasswd.c). Checking the library code, indeed, ppolicy.c:ldap_create_passwordpolicy_control() passes NULL in as *ber into controls.c:ldap_create_control() in v .41 , hitting the assert( ber != NULL ).
More reading seems to suggest this whole mechanism is deprecated and will likely go away.
So getting back.. i would like to report the "human-readable textual explanation of the [check_password] error" back to the client (per slapo-ppolicy(5)). Or is this not really implemented in v2.3 ?
thanks, -eric
openldap-software@openldap.org