php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80820 Using ldap_exop_passwd with ppolicy control do not update $ldap resource
Submitted: 2021-03-02 23:00 UTC Modified: -
Votes:5
Avg. Score:5.0 ± 0.0
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:3 (60.0%)
From: clement dot oudot at worteks dot com Assigned:
Status: Open Package: LDAP related
PHP Version: 7.4.15 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: clement dot oudot at worteks dot com
New email:
PHP Version: OS:

 

 [2021-03-02 23:00 UTC] clement dot oudot at worteks dot com 
Description:
------------
I tried to use ldap_exop_passwd with password policy (see my code in test script)

With this code, the $ldap resource is not updated, so error_code is still the previous one. There is no issue if not ctrls reference is passed at latest argument.



Test script:
---------------
            $ctrls = array();
            $exop_passwd = ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
            $error_code = ldap_errno($ldap);
            $error_msg = ldap_error($ldap);
            error_log("TEST $error_code / $error_msg / $exop_passwd");
            if (!$exop_passwd) {
                if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                    $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                    if (isset($value['error'])) {
                        $ppolicy_error_code = $value['error'];
                        error_log("LDAP - Ppolicy error code: $ppolicy_error_code");
                    }
                }
            }

Expected result:
----------------
We should have in $error_code the value "19" when password is refused by LDAP directory when it is too short

Actual result:
--------------
Here is the current log:

[Tue Mar 02 23:47:30.736095 2021] [php7:warn] [pid 14066] [client 127.0.0.1:48158] PHP Warning:  ldap_exop_passwd(): Passwd modify extended operation failed: Password fails quality checking policy (19) in /usr/local/ssp/lib/functions.inc.php on line 457, referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736195 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] TEST 0 / Success / , referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736228 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] LDAP - Ppolicy error code: 6, referer: http://ssp.example.com/index.php?action=change

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-02 23:01 UTC] clement dot oudot at worteks dot com 
Forgot to give the exact PHP version:
$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC