Hi all,
On Thu, Oct 11, 2018 at 09:12:56AM +0200, Clément OUDOT wrote:
On 10/10/2018 at 20:16, Ervin Hegedüs wrote:
I mean:
# /usr/bin/ldappasswd -H ldaps://dev-ldap-01 -w "secret" -D "UID="dminuser,dc=hu" -s "abcdefghijkl" "uid=airween,ou=Users,dc=hu"
Result: Constraint violation (19)
With LDAP clients like ldappasswd, you need to send the ppolicy client control with "-e ppolicy"
it works:
Result: Constraint violation (19)
Additional info: Password is not being changed from existing value
control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQg=
ppolicy: error=8 (New password is in list of old passwords)
Note that on the PHP side I'm using:
ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err);
and $_err variable is empty.
This should be possible in PHP 7.3, see https://bugs.php.net/bug.php?id=69437
Could anybody help me: how can I catch the correct and accurate error message?
if (PHP_VERSION_ID >= 70300) {
    $ctrl1 = array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST, 'value' => NULL, 'iscritical' => 0);
    $src = ldap_set_option($this->ldapconn, LDAP_OPT_SERVER_CONTROLS, array($ctrl1));
    $option = (LDAP_OPT_DIAGNOSTIC_MESSAGE | LDAP_OPT_ERROR_STRING);
} else {
    $option = LDAP_OPT_DIAGNOSTIC_MESSAGE;
}
ldap_get_option($this->ldapconn, $option, $_err);
but the $_err is a string:
string(49) "Password is not being changed from existing value"
There isn't the ppolicy error.
I've tried with values in ldap_set_option $ctrl: value => 0, value => 0, iscritical => 1, and combinations of these.
a.
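
Added example, not part of the original message and not code from PHP or OpenLDAP: the "control:" line in the ldappasswd output quoted above carries the password policy response as base64-encoded BER, and the code below decodes that value in plain PHP to recover the error that ldappasswd printed as error=8. It assumes the PasswordPolicyResponseValue layout from draft-behera-ldap-password-policy; the function and constant names are hypothetical.

```php
<?php
// Added example, not from the thread. Field layout assumed from
// draft-behera-ldap-password-policy (PasswordPolicyResponseValue).
// Array index = value of the ENUMERATED error field (0..8).
const PPOLICY_ERRORS = [
    'passwordExpired', 'accountLocked', 'changeAfterReset',
    'passwordModNotAllowed', 'mustSupplyOldPassword',
    'insufficientPasswordQuality', 'passwordTooShort', 'passwordTooYoung',
    'passwordInHistory',
];

// Read one BER TLV at $pos; returns [tag, value bytes, next position].
function ber_read_tlv(string $buf, int $pos): array
{
    // Need tag + short-form length; a ppolicy response is only a few bytes.
    if ($pos + 2 > strlen($buf) || (ord($buf[$pos + 1]) & 0x80)) {
        throw new RuntimeException('bad or truncated TLV header');
    }
    $len = ord($buf[$pos + 1]);
    if ($pos + 2 + $len > strlen($buf)) {
        throw new RuntimeException('truncated TLV value');
    }
    return [ord($buf[$pos]), substr($buf, $pos + 2, $len), $pos + 2 + $len];
}

// Decode the base64 control value as printed on the "control:" line.
function decode_ppolicy_response(string $b64): array
{
    $raw = (string) base64_decode($b64, true);   // invalid base64 becomes ''
    [$tag, $seq] = ber_read_tlv($raw, 0);
    if ($tag !== 0x30) {
        throw new RuntimeException('outer element is not a SEQUENCE');
    }
    $out = ['expire' => null, 'grace' => null, 'error' => null];
    for ($pos = 0; $pos < strlen($seq);) {
        [$tag, $val, $pos] = ber_read_tlv($seq, $pos);
        if ($tag === 0xa0) {            // warning [0] CHOICE
            [$wtag, $wval] = ber_read_tlv($val, 0);
            $key = $wtag === 0x80 ? 'expire' : 'grace';
            $out[$key] = (int) hexdec(bin2hex($wval));
        } elseif ($tag === 0x81) {      // error [1] ENUMERATED
            $code = (int) hexdec(bin2hex($val));
            $out['error'] = PPOLICY_ERRORS[$code] ?? "unknown($code)";
        }
    }
    return $out;
}

// Control value copied from the ldappasswd output in the message above.
print_r(decode_ppolicy_response('MAOBAQg='));
```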