Hello,
I'm trying to pull the password policy response message from ldap_bind() method.
While checking the packet content from OpenLDAP after ldap_bind() request, with Wireshark, there is a control hooked to the ldap_bind() response, were the message code and message text about password expiration is, but I can't manage to parse that message from response.
AFAIK, the OpenLDAP C API ldap_get_option() method doesn't have LDAP_OPT_SERVER_CONTRLOLS case implementation, and I can't get the PASSWORDPOLICYRESPONSE, although I have set the PASSWORDPOLICYREQUEST before the bind.
Is there a workaround of this problem?
------ Regards, Andrius Kulbis
Andrius Kulbis wrote:
Hello,
I'm trying to pull the password policy response message from ldap_bind() method.
While checking the packet content from OpenLDAP after ldap_bind() request, with Wireshark, there is a control hooked to the ldap_bind() response, were the message code and message text about password expiration is, but I can't manage to parse that message from response.
AFAIK, the OpenLDAP C API ldap_get_option() method doesn't have LDAP_OPT_SERVER_CONTRLOLS case implementation, and I can't get the PASSWORDPOLICYRESPONSE, although I have set the PASSWORDPOLICYREQUEST before the bind.
Use ldap_parse_result().
On Sun, 28 Jul 2013, Howard Chu wrote:
Andrius Kulbis wrote:
I'm trying to pull the password policy response message from ldap_bind() method.
...
Use ldap_parse_result().
Also, ldap_bind() has apparently been deprecated since at least OpenLDAP 2.0.15 in 2001. Use ldap_sasl_bind() instead, passing LDAP_SASL_SIMPLE as the mechanism.
Philip Guenther
2013-07-28 22:33, Philip Guenther rašė:
On Sun, 28 Jul 2013, Howard Chu wrote:
Andrius Kulbis wrote:
I'm trying to pull the password policy response message from ldap_bind() method.
...
Use ldap_parse_result().
Also, ldap_bind() has apparently been deprecated since at least OpenLDAP 2.0.15 in 2001. Use ldap_sasl_bind() instead, passing LDAP_SASL_SIMPLE as the mechanism.
Philip Guenther
#define LDAP_DEPRECATED 1 #include <stdio.h> #include <ldap.h> /* Specify the search criteria here. */
#define HOSTNAME "x.x.x.x"
#define PORTNUMBER 389
#define BASEDN "eduPersonPrincipalName=x@x,ou=People,ou=Users,dc=x,dc=x"
#define SCOPE LDAP_SCOPE_SUBTREE
#define FILTER "(uid=x)"
int main () {
LDAP *ld; LDAPMessage *result, *e; char *dn, *cert; char **vals; int rc; LDAPMessage *res; char *a; int version, i; BerElement *ber;
if((ld = ldap_init( HOSTNAME, 389 )) == NULL) { perror("ldap_init"); return 0; }
version = LDAP_VERSION3; ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if((rc = ldap_simple_bind_s (ld, BASEDN, "xxxx")) != LDAP_SUCCESS) { fprintf (stderr, "ldap_simple_bind_s: %s\n", ldap_err2string (rc)); return (1); }
rc = ldap_search_ext_s (ld, BASEDN, SCOPE, FILTER, NULL, 0, NULL, NULL, NULL, 0, &result);
char *retoidp; struct berval *retdatap;
ldap_parse_extended_result( ld, result,&retoidp, &retdatap ,1 );
ldap_unbind (ld); return (0); }
What are my mistakes, I still can manage to pull out the ppolicy message (password will expire in...) ?
------ Pagarbiai, Andrius Kulbis
2013.07.28 20:42, Howard Chu rašė:
Andrius Kulbis wrote:
Hello,
I'm trying to pull the password policy response message from ldap_bind() method.
While checking the packet content from OpenLDAP after ldap_bind() request, with Wireshark, there is a control hooked to the ldap_bind() response, were the message code and message text about password expiration is, but I can't manage to parse that message from response.
AFAIK, the OpenLDAP C API ldap_get_option() method doesn't have LDAP_OPT_SERVER_CONTRLOLS case implementation, and I can't get the PASSWORDPOLICYRESPONSE, although I have set the PASSWORDPOLICYREQUEST before the bind.
Use ldap_parse_result().
But if I want to get the response data after the bind request, what would be the LDAPresult object required by ldap_parse_result()?
Regards, Andrius Kulbis
openldap-technical@openldap.org
-
Andrius Kulbis -
Howard Chu -
Philip Guenther