Hi,
Thank you for your reply. I looked in the OpenLDAP directory using Apache Directory Studio... and there is just one userPassword entry per node/user.
Are there maybe 2 temporal passwords when executing the ldappasswd command? There are no errors when executing an LDAP modify request...
Best regards, Marco Weber
________________________________________
From: Buchan Milne [bgmilne@staff.telkomsa.net]
Sent: Friday, 23 December 2011 10:27
To: Chris Jacobs
Cc: 'openldap-technical@openldap.org'; Marco Weber
Subject: Re: password-policy configuration problems: cannot change passwords
On Friday, 23 December 2011 09:59:00 Chris Jacobs wrote:
If that's true, would there be any way to change the error text? Perhaps "Password policy overlay only allows one password value in dn - more than one found". If there's a clear reason for an error, I think the added text would be valuable to an administrator.
Sure:
$ grep -r 'Password policy only allows one password value' openldap-2.4.28
openldap-2.4.28/servers/slapd/overlays/ppolicy.c: send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, "Password policy only allows one password value" );
openldap-2.4.28/servers/slapd/overlays/ppolicy.c: rs->sr_text = "Password policy only allows one password value";

Note that there are two cases that have the same error text:
1) Multiple values for userPassword exist in the entry in the directory
2) An add is being performed with two values for userPassword in the entry being added

However, for English speakers who are marginally familiar with OpenLDAP, surely the existing error message is enough to point the user to look at:
- the LDIF they are adding
- the entry they are modifying?
Maybe the issue is that error messages need to be internationalised and localised (but, how do you determine the locale to use when providing error messages over the wire?).
Regards, Buchan
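
As an added example (not part of the original thread and not OpenLDAP code), this Python check counts userPassword values per entry in an LDIF text, which covers both places the reply above says to look: the LDIF being added and an LDIF export of the entry being modified. The sample LDIF, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the thread): bob has a folded DN and two userPassword values.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
userPassword: {SSHA}constructedValue1

dn: uid=bob,ou=people,dc=exam
 ple,dc=org
objectClass: inetOrgPerson
userPassword: {SSHA}constructedValue2
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQz
"""

def logical_lines(ldif_text):
    """Undo RFC 2849 line folding, then drop comment lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines and lines[-1] != "":
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def split_attr(line):
    """Return (lower-cased attribute name without options, decoded value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # "attr:: <base64>"
        rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr.split(";")[0].strip().lower(), rest.strip()

def password_value_counts(ldif_text):
    """Map each entry DN to its number of userPassword values."""
    counts, dn = {}, None
    for line in logical_lines(ldif_text):
        attr, value = split_attr(line)
        if attr == "dn":
            dn = value
            counts[dn] = 0
        elif not attr:
            dn = None  # blank line ends the record
        elif attr == "userpassword" and dn is not None:
            counts[dn] += 1
    return counts

def multi_password_entries(ldif_text):
    """DNs carrying more than one userPassword value."""
    return sorted(d for d, n in password_value_counts(ldif_text).items() if n > 1)
```

Base64-encoded values (`userPassword::`) are counted like plain ones, so an entry that looks single-valued at a glance is still reported.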