Hello list.

Some time ago, I had an issue with set_password() not handling controls:
http://www.nntp.perl.org/group/perl.ldap/2008/09/msg2950.html

It was fixed in perl-ldap 0.38.

I also opened an ITS in openldap, because apparently password modify exop was not returning ppolicy control correctly:
http://www.openldap.org/lists/openldap-bugs/200809/msg00178.html

It was fixed in openldap 2.4.12.

However, it still doesn't work. The following test case shows that the value returned by $response->control( LDAP_CONTROL_PASSWORDPOLICY ) is always '1', instead of an instance of the Net::LDAP::Control::PasswordPolicy class.

#!/usr/bin/perl
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw( LDAP_CONTROL_PASSWORDPOLICY );
use Data::Dumper;

my $ldap = Net::LDAP->new(
    'ldaps://ldap.domain.com',
    verify => 'require',
    capath => '/etc/pki/tls/certs'
) or die "impossible to connect: $@";

my $pp = Net::LDAP::Control::PasswordPolicy->new();
my $result = $ldap->bind(
    shift,
    password => shift,
);
die 'impossible to bind: ' . $result->error() if $result->code();

$result = $ldap->set_password(
    newpasswd => 'a',
    control   => [ $pp ]
);

my $response = $result->control(LDAP_CONTROL_PASSWORDPOLICY);
print Dumper($response);

[r...@etoile ~]# perl test.pl <user> <password>
$VAR1 = 1;

Before I reopen the ITS, I'd like to be sure my perl code is correct first. In particular, is it normal to send a control object in the request, and to get another distinct control object from the response?

I tested with perl-ldap 0.39.
--
BOFH excuse #333:

A plumber is needed, the network drain is clogged
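
Added example, not part of the original post and not perl-ldap code: the 1 printed above is what Perl yields when a sub ending in "return @array" is called in scalar context and the array holds one element. That control() in perl-ldap 0.39 has this shape is an assumption here; FakeMessage, FakeControl and is_control are hypothetical stand-ins, and no LDAP server is contacted.

```perl
#!/usr/bin/perl
# Added illustration. FakeMessage and FakeControl are hypothetical stand-ins,
# not Net::LDAP classes; the response is constructed in memory.
use strict;
use warnings;
use Scalar::Util qw(blessed);

package FakeControl;
sub new  { my ($class, %args) = @_; my $self = {%args}; return bless $self, $class }
sub type { return $_[0]{type} }

package FakeMessage;
sub new {
    my ($class, @ctrls) = @_;
    my $self = { ctrls => [@ctrls] };
    return bless $self, $class;
}

# Assumed shape of the accessor: filter by OID, then return an array.
sub control {
    my ($self, @oid) = @_;
    my %want  = map { $_ => 1 } @oid;
    my @found = grep { !@oid || $want{ $_->type } } @{ $self->{ctrls} };
    return @found;    # in scalar context this is the element count
}

package main;

# OID of the password policy control (the value behind LDAP_CONTROL_PASSWORDPOLICY).
my $OID = '1.3.6.1.4.1.42.2.27.8.5.1';
my $msg = FakeMessage->new( FakeControl->new( type => $OID ) );

# Pattern from the post: scalar assignment receives the count.
my $scalar = $msg->control($OID);

# List assignment receives the first matching object (undef if none).
my ($first) = $msg->control($OID);

# Guard to apply before calling any method on the returned value.
sub is_control {
    my ($c) = @_;
    return blessed($c) && $c->isa('FakeControl') ? 1 : 0;
}

printf "scalar context: %s (control object: %s)\n",
    $scalar, is_control($scalar) ? 'yes' : 'no';
printf "list context:   %s (control object: %s)\n",
    ref($first), is_control($first) ? 'yes' : 'no';
```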