PHP :: Bug #80820 :: Using ldap_exop_passwd with ppolicy control do not update $ldap resource

Bug #80820

Using ldap_exop_passwd with ppolicy control do not update $ldap resource

Submitted:

2021-03-02 23:00 UTC

Modified:

Votes:	5
Avg. Score:	5.0 ± 0.0
Reproduced:	5 of 5 (100.0%)
Same Version:	2 (40.0%)
Same OS:	3 (60.0%)

From:

clement dot oudot at worteks dot com

Assigned:

Status:

Open

Package:

LDAP related

PHP Version:

7.4.15

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	clement dot oudot at worteks dot com
New email:
PHP Version:		OS:

New Comment:

[2021-03-02 23:00 UTC] clement dot oudot at worteks dot com

Description:
------------
I tried to use ldap_exop_passwd with password policy (see my code in test script)

With this code, the $ldap resource is not updated, so error_code is still the previous one. There is no issue if not ctrls reference is passed at latest argument.



Test script:
---------------
            $ctrls = array();
            $exop_passwd = ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
            $error_code = ldap_errno($ldap);
            $error_msg = ldap_error($ldap);
            error_log("TEST $error_code / $error_msg / $exop_passwd");
            if (!$exop_passwd) {
                if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                    $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                    if (isset($value['error'])) {
                        $ppolicy_error_code = $value['error'];
                        error_log("LDAP - Ppolicy error code: $ppolicy_error_code");
                    }
                }
            }

Expected result:
----------------
We should have in $error_code the value "19" when password is refused by LDAP directory when it is too short

Actual result:
--------------
Here is the current log:

[Tue Mar 02 23:47:30.736095 2021] [php7:warn] [pid 14066] [client 127.0.0.1:48158] PHP Warning:  ldap_exop_passwd(): Passwd modify extended operation failed: Password fails quality checking policy (19) in /usr/local/ssp/lib/functions.inc.php on line 457, referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736195 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] TEST 0 / Success / , referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736228 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] LDAP - Ppolicy error code: 6, referer: http://ssp.example.com/index.php?action=change

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-02 23:01 UTC] clement dot oudot at worteks dot com

Forgot to give the exact PHP version:
$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Apr 02 10:01:30 2025 UTC