Hi Mike, On Friday, 11. April 2008, Mike Peachey wrote: > I have discovered a critical bug in Net::LDAP 0.35 and submitted the > following ticket: > http://rt.cpan.org/Ticket/Display.html?id=34878 > > In 0.35, the Net::Ldap::Util::ldap_error_name subroutine is broken which > means that all functions such as Net::LDAP->code() that return a message > as a constant are broken. > > Instead of returning the correct message, Password Policy (PP) constants > are being returned instead. > > The most crucial example is that a successful bind or search is > returning LDAP_PP_PASSWORD_EXPIRED (0) instead of LDAP_SUCCESS (0). You > can code around this failure by using resultCode() instead to get the > integer form of the result code, however all current perl modules that > determine results by using the constant names will function unexpectedly. > > Please advise me *quickly* if you think for any reason that I have the > wrong end of the stick here, but having passed it by a few colleagues > I'm pretty damn sure this is a bug and a critical one.
You are right, this is a bug. I committed a patch to perl-ldap-SVN to fix it. For you convenience I also append it to this posting. Please test and report back. CU PEter -- Peter Marschall [EMAIL PROTECTED]
--- Constant.pm (revision 549) +++ Constant.pm (working copy) @@ -135,60 +135,32 @@ Operation completed without error -=item LDAP_PP_PASSWORD_EXPIRED (0) - -The account's password has expired. - =item LDAP_OPERATIONS_ERROR (1) Server encountered an internal error -=item LDAP_PP_ACCOUNT_LOCKED (1) - -The account is locked. - =item LDAP_PROTOCOL_ERROR (2) Unrecognized version number or incorrect PDU structure -=item LDAP_PP_CHANGE_AFTER_RESET (2) - -The account's password has been reset and now must be changed. - =item LDAP_TIMELIMIT_EXCEEDED (3) The time limit on a search operation has been exceeded -=item LDAP_PP_PASSWORD_MOD_NOT_ALLOWED (3) - -The account's password may not be modified. - =item LDAP_SIZELIMIT_EXCEEDED (4) The maximum number of search results to return has been exceeded. -=item LDAP_PP_MUST_SUPPLY_OLD_PASSWORD (4) - -The old password must also be supplied when setting a new password. - =item LDAP_COMPARE_FALSE (5) This code is returned when a compare request completes and the attribute value given is not in the entry specified -=item LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY (5) - -The new password was not of sufficient quality. - =item LDAP_COMPARE_TRUE (6) This code is returned when a compare request completes and the attribute value given is in the entry specified -=item LDAP_PP_PASSWORD_TOO_SHORT (6) - -The new password was too short. - =item LDAP_AUTH_METHOD_NOT_SUPPORTED (7) Unrecognized SASL mechanism name @@ -197,18 +169,10 @@ Unrecognized SASL mechanism name -=item LDAP_PP_PASSWORD_TOO_YOUNG (7) - -The previous password was changed too recently. - =item LDAP_STRONG_AUTH_REQUIRED (8) The server requires authentication be performed with a SASL mechanism -=item LDAP_PP_PASSWORD_IN_HISTORY (8) - -The new password was used too recently. - =item LDAP_PARTIAL_RESULTS (9) Returned to version 2 clients when a referral is returned. The response @@ -513,6 +477,48 @@ =back +=head2 Control constants + +=over 4 + +=item LDAP_PP_PASSWORD_EXPIRED (0) [LDAP_CONTROL_PASSWORDPOLICY] + +The account's password has expired. + +=item LDAP_PP_ACCOUNT_LOCKED (1) [LDAP_CONTROL_PASSWORDPOLICY] + +The account is locked. + +=item LDAP_PP_CHANGE_AFTER_RESET (2) [LDAP_CONTROL_PASSWORDPOLICY] + +The account's password has been reset and now must be changed. + +=item LDAP_PP_PASSWORD_MOD_NOT_ALLOWED (3) [LDAP_CONTROL_PASSWORDPOLICY] + +The account's password may not be modified. + +=item LDAP_PP_MUST_SUPPLY_OLD_PASSWORD (4) [LDAP_CONTROL_PASSWORDPOLICY] + +The old password must also be supplied when setting a new password. + +=item LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY (5) [LDAP_CONTROL_PASSWORDPOLICY] + +The new password was not of sufficient quality. + +=item LDAP_PP_PASSWORD_TOO_SHORT (6) [LDAP_CONTROL_PASSWORDPOLICY] + +The new password was too short. + +=item LDAP_PP_PASSWORD_TOO_YOUNG (7) [LDAP_CONTROL_PASSWORDPOLICY] + +The previous password was changed too recently. + +=item LDAP_PP_PASSWORD_IN_HISTORY (8) [LDAP_CONTROL_PASSWORDPOLICY] + +The new password was used too recently. + +=back + =head2 Extension OIDs B<Net::LDAP::Constant> exports constant subroutines for the following LDAP
