Hi Clément,
thanks for the feedback,
I mean:
# /usr/bin/ldappasswd -H ldaps://dev-ldap-01 -w "secret" -D "UID="dminuser,dc=hu" -s "abcdefghijkl" "uid=airween,ou=Users,dc=hu"
Result: Constraint violation (19)
There isn't any detailed information about why the policy module drops the request, but I can see it in the logfile:
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: check_password_quality: module error: (pwdCheckModule-poc.so) Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters).[1]
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: conn=1742 op=1 p=3
Oct 10 20:05:21 dev-ldap-01 slapd[16312]: send_ldap_result: err=19 matched="" text="Passwords less than 16 characters require at least 3 traits (upper case, lower case, digits, or special characters)"
With LDAP clients like ldappasswd, you need to send the ppolicy client control with "-e ppolicy"
right, thanks,
Note that on the PHP side I'm using:
ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err);
and $_err variable is empty.
This should be possible in PHP 7.3, see https://bugs.php.net/bug.php?id=69437
:(
I've fought with the customer for an update to 7.2 to get ldap_exop_passwd(); now I can go back to fight for PHP 7.3.
Looks like it exists for Debian 9 (non-official):
https://packages.sury.org/php/pool/main/p/php7.3/
Thanks again,
a.