PHP :: Bug #80820 :: Using ldap_exop_passwd with ppolicy control do not update $ldap resource

Bug #80820

Using ldap_exop_passwd with ppolicy control do not update $ldap resource

Submitted:

2021-03-02 23:00 UTC

Modified:

Votes:	5
Avg. Score:	5.0 ± 0.0
Reproduced:	5 of 5 (100.0%)
Same Version:	2 (40.0%)
Same OS:	3 (60.0%)

From:

clement dot oudot at worteks dot com

Assigned:

Status:

Open

Package:

LDAP related

PHP Version:

7.4.15

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	clement dot oudot at worteks dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2021-03-02 23:00 UTC] clement dot oudot at worteks dot com

Description:
------------
I tried to use ldap_exop_passwd with password policy (see my code in test script)

With this code, the $ldap resource is not updated, so error_code is still the previous one. There is no issue if not ctrls reference is passed at latest argument.



Test script:
---------------
            $ctrls = array();
            $exop_passwd = ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
            $error_code = ldap_errno($ldap);
            $error_msg = ldap_error($ldap);
            error_log("TEST $error_code / $error_msg / $exop_passwd");
            if (!$exop_passwd) {
                if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                    $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                    if (isset($value['error'])) {
                        $ppolicy_error_code = $value['error'];
                        error_log("LDAP - Ppolicy error code: $ppolicy_error_code");
                    }
                }
            }

Expected result:
----------------
We should have in $error_code the value "19" when password is refused by LDAP directory when it is too short

Actual result:
--------------
Here is the current log:

[Tue Mar 02 23:47:30.736095 2021] [php7:warn] [pid 14066] [client 127.0.0.1:48158] PHP Warning:  ldap_exop_passwd(): Passwd modify extended operation failed: Password fails quality checking policy (19) in /usr/local/ssp/lib/functions.inc.php on line 457, referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736195 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] TEST 0 / Success / , referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736228 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] LDAP - Ppolicy error code: 6, referer: http://ssp.example.com/index.php?action=change

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-02 23:01 UTC] clement dot oudot at worteks dot com

Forgot to give the exact PHP version:
$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 10:00:02 2025 UTC