[email protected] wrote: > Full_Name: Sam Darwin > Version: openldap-2.4.31 > OS: Ubuntu 14.04 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.169.106.169) > > > Showing informative error messages is very important, especially with complex > software. In this case, the error was misleading, so maybe it can be > updated. > > $ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e > ppolicy > Enter LDAP Password: > Result: Constraint violation (19) > Additional info: Password fails quality checking policy > control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY= > ppolicy: error=6 (Password is too short for policy) > > It looks like the password is too short, right? > > Actually, the problem is completely different, which I discovered after some > time. > > -S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that > command. > > So, the real error was either that no password at all had been provided, or no > user had been provided, or both. It had not even requested a new password. > The new password was not too short, it was non-existent, which is something > else > entirely. > > So, my request is to make the error reporting more sophisticated here, and any > place else that is analogous to this case. make the answer a bit more > obvious.
Your report is invalid. The ldappasswd(1) manpage clearly states that if you don't provide a new password, the server will be asked to generate one. In this particular case, the password the server generated was too short for your policy. The manpage also states clearly that if you don't specify [user] DN, it will change the password of the user that bound to the server. The error message was correct. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
