Hi,
On Fri, Oct 12, 2018 at 05:32:13PM +0200, Ervin Hegedüs wrote:
Hi all,
On Thu, Oct 11, 2018 at 09:12:56AM +0200, Clément OUDOT wrote:
This should be possible in PHP 7.3, see https://bugs.php.net/bug.php?id=69437
could anybody helps me, how can I catch the correct and accurate error message?
if (PHP_VERSION_ID >= 70300) { $ctrl1 = array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST, 'value' => NULL, 'iscritical' => 0); $src = ldap_set_option($this->ldapconn, LDAP_OPT_SERVER_CONTROLS, array($ctrl1)); $option = (LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING); } else { $option = LDAP_OPT_DIAGNOSTIC_MESSAGE; } ldap_get_option($this->ldapconn, $option, $_err);
this is a wrong way, I've re-read the PHP docs, and I think I have to follow this way:
$conn = ldap_connect("ldaps://host");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); ldap_set_option($conn, LDAP_OPT_DEBUG_LEVEL, -1);
$ctrl = array( 'oid' => LDAP_CONTROL_PASSWORDPOLICYRESPONSE, 'iscritical' => FALSE, 'value' => NULL );
ldap_set_option($conn, LDAP_OPT_SERVER_CONTROLS, array($ctrl));
ldap_bind($conn, $serviceuser, $servicepassw);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err); var_dump($_err);
ldap_exop_passwd($conn, $userdn, "", $usernewpasswd);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING, $_err);
But the ldap_bind returns with FALSE, and the $_err will:
"passwordPolicyRequest control value not absent"
If I leave the 'value' key from $ctrl, the ldap_bind() returns with TRUE, the ldap_exop_passwd() returns FALSE, and the error just simple "Constraint error", the $_err string is empty.
I think this is a PHP bug, but if anybody have some expert/idea about this, just let me know.
Thanks,
a.