I tried with and without the '-e ppolicy' option but that did not make a
difference in terms of behavior. It did make a difference for the output
message.

For:

    ldappasswd -x -w oldpassword -a oldpassword -s test -D "uid=aUser,
    ou=MyUsers, dc=xyz, dc=com" -e ppolicy

The output is:

    Result: Constraint violation (19)
    Additional info: Password fails quality checking policy
    control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY=
    ppolicy: error=6 (Password is too short for policy)

For:

    ldappasswd -x -w oldpassword -a oldpassword -s test -D "uid=aUser,
    ou=MyUsers, dc=xyz, dc=com"

The output is shorter:

    Result: Constraint violation (19)
    Additional info: Password fails quality checking policy

They both checked the password policy ('test' was too short).

I am still confused about what this 'extension' does. Is that just about
giving more details in the error output?
This is in OpenLDAP 2.4.39 and documented in the man ldapsearch page. The
option is used in the ppolicy test code (test022-ppolicy).

Thanks,
Thierry

On Thu, May 1, 2014 at 3:43 AM, Michael Ströder <[email protected]> wrote:
> Dieter Klünter wrote:
> > Am Wed, 30 Apr 2014 14:56:41 -0600
> > schrieb Thierry Thelliez <[email protected]>:
> >>
> >> Looking at the test source code of 2.4.39 for the ppolicy script, I
> >> can see the ldapsearch is using a '-e ppolicy' option. The man page
> >> for ldapsearch lists 'general extensions' under -e and -E options.
> >> But I cannot figure out what these extensions are.
> >>
> >> What is '-e ppolicy' ? and when do you need it?
> >
> > man ldapsearch(5)
> >
> > -e = general extended operation
> > -E = search extended operation
> > passwordPolicy is a general extended operation
>
> I have no man page like this for OpenLDAP. Which man page is this? It sounds
> strange to say something about extended operations.
>
> -e and -E are for specifying extended *controls* along with the LDAP (search)
> request:
>
> Excerpt from ldapsearch(1):
>
> -e [!]ext[=extparam]
>
> -E [!]ext[=extparam]
>
> Specify general extensions with -e and search extensions with
> -E. ´!´ indicates criticality.
>
> Ciao, Michael.
>
>