Le 2016-11-22 10:45, Clément OUDOT a écrit : > 2016-11-21 18:24 GMT+01:00 k c <[email protected]>: > >> Looking at your logs, an idea came to my mind. I have a posthook >> script >> that manages the password history and prevents users to set an older >> password for their account. >> >> I disabled posthook but the problem is still here. > > > Indeed, I see no link between the posthook script and the issue you > have. >
It is dependant of how ssp works, so it does his job (rollback password if needed) after ssp have done the changes. But that'a another story. > >> [Mon Nov 21 16:52:42.432046 2016] [:error] [pid 11565] [client >> 10.75.1.57:43106] PHP Warning: ldap_get_values(): Cannot get the >> value(s) of attribute Decoding error in >> /usr/share/self-service-password/lib/functions.inc.php on line 259, >> referer: >> https://ssp.company.com/motdepasse/index.php?action=resetbytoken&token=44:qO4BudofumwxPJs1Nwe7VcsMYOf5uHMi79Qfge/nCWw=l1Qra33VKgZt9xsYiMpq6AUD5h98KSJoZi8= > > The error is here. I don't see why you get it only with resetbytoken > and not in change mode. > I had a doubt about versions, so I have tested it again with 1.0.2 in change mode and I can confirm I works well. > The issue may be linked to your LDAP Directory, which one are you > using? > openldap 2.4.40 2.4.40+dfsg-1+deb8u1 and I realize I have not specified ssp version, I'm using 1.0.2. > > What you can try is to get binary value for userPassword by changing > this line in lib/functions.inc.php > > $userpassword = ldap_get_values($ldap, > ldap_first_entry($ldap,$search_userpassword), "userPassword"); > > Into : > > $userpassword = ldap_get_values_len($ldap, > ldap_first_entry($ldap,$search_userpassword), "userPassword;binary"); > still the same :/ I don't know if that can help, but when I issue a ldapsearch operation, the userPassword is base64 encoded. _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
