What's the client-side trick in getting the ppErrStr string from the 
check_password() function (from pwdCheckModule) actually back to the client 
when using EXOP_MODIFY_PASSWD?

Seems to require use of a ppolicy control, which appears to be effectively a 
noop in 2.3.38 (before noticing the mention in the release notes) yet 
completely broken in 2.3.41 resulting in:

../../../libraries/libldap/controls.c:437: ldap_create_control: Assertion `ber != ((void *)0)' failed.

This is using ldap_create_passwordpolicy_control() as such:

    LDAPControl **ctrls = NULL;
    ....
    ldap_create_passwordpolicy_control( ld, &ctrls );

(yes, this is from client/tools/ldappasswd.c). Checking the library code, 
indeed, ppolicy.c:ldap_create_passwordpolicy_control() passes NULL in as *ber 
into controls.c:ldap_create_control() in v .41, hitting the assert( ber != 
NULL ).

More reading seems to suggest this whole mechanism is deprecated and will 
likely go away.

So getting back.. I would like to report the "human-readable textual 
explanation of the [check_password] error" back to the client (per 
slapo-ppolicy(5)). Or is this not really implemented in v2.3 ?

thanks,
-eric
