Chris Ridd a écrit :
On 26 May 2009, at 15:56, Guillaume Rousse wrote:
Chris Ridd a écrit :
On 26 May 2009, at 14:42, Guillaume Rousse wrote:
Hello list.
Some time ago, I had an issue with set_password() not handling
controls:
http://www.nntp.perl.org/group/perl.ldap/2008/09/msg2950.html
It was fixed in perl-ldap 0.38.
I also opened an ITS in openldap, because apparently password modify
exop was not returning ppolicy control correctly:
http://www.openldap.org/lists/openldap-bugs/200809/msg00178.html
It was fixed in openldap 2.4.12
However, it still doesn't work. The following test case shows than
the value returned by $response->control(
LDAP_CONTROL_PASSWORDPOLICY ) is always '1', instead of an instance
of Net::LDAP::Control::PasswordPolicy class.
Can you give us BER dumps of the exop itself and the response?
Is there any other way beyond network capture directly ?
It is the only way to prove what's being sent/returned is buggy (or
not). If the data being sent/returned is good, we look to see where the
perl code's gone wrong, if it is bad there's not much we can do.
Use the debug method on your Net::LDAP object to get the output, maybe
xx out the sensitive hex and ASCII data.
Here you have, with both debug output mode.
--
BOFH excuse #372:
Forced to support NT servers; sysadmins quit.
Net::LDAP=HASH(0x9e63030) sending:
0000 67: SEQUENCE {
0002 1: INTEGER = 1
0005 62: [APPLICATION 0] {
0007 1: INTEGER = 3
000A 47: STRING = 'uid=rousse,ou=users,dc=msr-inria,dc=inria,dc=fr'
003B 8: [CONTEXT 0]
003D : 54 63 48 65 4B 40 32 31 __ __ __ __ __ __ __ __ XXXXXXX
0045 : }
0045 : }
Net::LDAP=HASH(0x9e63030) received:
0000 12: SEQUENCE {
0002 1: INTEGER = 1
0005 7: [APPLICATION 1] {
0007 1: ENUM = 0
000A 0: STRING = ''
000C 0: STRING = ''
000E : }
000E : }
Net::LDAP=HASH(0x9e63030) sending:
0000 68: SEQUENCE {
0002 1: INTEGER = 2
0005 32: [APPLICATION 23] {
0007 23: [CONTEXT 0]
0009 : 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 34 32 30 33
1.3.6.1.4.1.4203
0019 : 2E 31 2E 31 31 2E 31 __ __ __ __ __ __ __ __ __ .1.11.1
0020 5: [CONTEXT 1]
0022 : 30 03 82 01 61 __ __ __ __ __ __ __ __ __ __ __ 0...a
0027 : }
0027 29: [CONTEXT 0] {
0029 27: SEQUENCE {
002B 25: STRING = '1.3.6.1.4.1.42.2.27.8.5.1'
0046 : }
0046 : }
0046 : }
Net::LDAP=HASH(0x9e63030) received:
0000 88: SEQUENCE {
0002 1: INTEGER = 2
0005 45: [APPLICATION 24] {
0007 1: ENUM = 19
000A 0: STRING = ''
000C 38: STRING = 'Password fails quality checking policy'
0034 : }
0034 36: [CONTEXT 0] {
0036 34: SEQUENCE {
0038 25: STRING = '1.3.6.1.4.1.42.2.27.8.5.1'
0053 5: STRING
0055 : 30 03 81 01 06 __ __ __ __ __ __ __ __ __ __ __ 0....
005A : }
005A : }
005A : }
Net::LDAP=HASH(0x9136ff0) sending:
30 43 02 01 01 60 3E 02 01 03 04 2F 75 69 64 3D 0C...`>..../uid=
72 6F 75 73 73 65 2C 6F 75 3D 75 73 65 72 73 2C rousse,ou=users,
64 63 3D 6D 73 72 2D 69 6E 72 69 61 2C 64 63 3D dc=msr-inria,dc=
69 6E 72 69 61 2C 64 63 3D 66 72 80 08 54 XX XX inria,dc=fr..XXX
XX XX XX XX XX __ __ __ __ __ __ __ __ __ __ __ XXXXX
Net::LDAP=HASH(0x9136ff0) received:
30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
Net::LDAP=HASH(0x9136ff0) sending:
30 44 02 01 02 77 20 80 17 31 2E 33 2E 36 2E 31 0D...w ..1.3.6.1
2E 34 2E 31 2E 34 32 30 33 2E 31 2E 31 31 2E 31 .4.1.4203.1.11.1
81 05 30 03 82 01 61 A0 1D 30 1B 04 19 31 2E 33 ..0...a..0...1.3
2E 36 2E 31 2E 34 2E 31 2E 34 32 2E 32 2E 32 37 .6.1.4.1.42.2.27
2E 38 2E 35 2E 31 __ __ __ __ __ __ __ __ __ __ .8.5.1
Net::LDAP=HASH(0x9136ff0) received:
30 58 02 01 02 78 2D 0A 01 13 04 00 04 26 50 61 0X...x-......&Pa
73 73 77 6F 72 64 20 66 61 69 6C 73 20 71 75 61 ssword fails qua
6C 69 74 79 20 63 68 65 63 6B 69 6E 67 20 70 6F lity checking po
6C 69 63 79 A0 24 30 22 04 19 31 2E 33 2E 36 2E licy.$0"..1.3.6.
31 2E 34 2E 31 2E 34 32 2E 32 2E 32 37 2E 38 2E 1.4.1.42.2.27.8.
35 2E 31 04 05 30 03 81 01 06 __ __ __ __ __ __ 5.1..0....
