|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80820 Using ldap_exop_passwd with ppolicy control do not update $ldap resource
Submitted: 2021-03-02 23:00 UTC Modified: -
Avg. Score:5.0 ± 0.0
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:3 (60.0%)
From: clement dot oudot at worteks dot com Assigned:
Status: Open Package: LDAP related
PHP Version: 7.4.15 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: clement dot oudot at worteks dot com
New email:
PHP Version: OS:


 [2021-03-02 23:00 UTC] clement dot oudot at worteks dot com
I tried to use ldap_exop_passwd with password policy (see my code in test script)

With this code, the $ldap resource is not updated, so error_code is still the previous one. There is no issue if not ctrls reference is passed at latest argument.

Test script:
            $ctrls = array();
            $exop_passwd = ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
            $error_code = ldap_errno($ldap);
            $error_msg = ldap_error($ldap);
            error_log("TEST $error_code / $error_msg / $exop_passwd");
            if (!$exop_passwd) {
                if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                    $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                    if (isset($value['error'])) {
                        $ppolicy_error_code = $value['error'];
                        error_log("LDAP - Ppolicy error code: $ppolicy_error_code");

Expected result:
We should have in $error_code the value "19" when password is refused by LDAP directory when it is too short

Actual result:
Here is the current log:

[Tue Mar 02 23:47:30.736095 2021] [php7:warn] [pid 14066] [client] PHP Warning:  ldap_exop_passwd(): Passwd modify extended operation failed: Password fails quality checking policy (19) in /usr/local/ssp/lib/ on line 457, referer:
[Tue Mar 02 23:47:30.736195 2021] [php7:notice] [pid 14066] [client] TEST 0 / Success / , referer:
[Tue Mar 02 23:47:30.736228 2021] [php7:notice] [pid 14066] [client] LDAP - Ppolicy error code: 6, referer:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-02 23:01 UTC] clement dot oudot at worteks dot com
Forgot to give the exact PHP version:
$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 15 11:01:30 2024 UTC