php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80820 Using ldap_exop_passwd with ppolicy control do not update $ldap resource
Submitted: 2021-03-02 23:00 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: clement dot oudot at worteks dot com Assigned:
Status: Open Package: LDAP related
PHP Version: 7.4.15 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
11 + 23 = ?
Subscribe to this entry?

 
 [2021-03-02 23:00 UTC] clement dot oudot at worteks dot com
Description:
------------
I tried to use ldap_exop_passwd with password policy (see my code in test script)

With this code, the $ldap resource is not updated, so error_code is still the previous one. There is no issue if not ctrls reference is passed at latest argument.



Test script:
---------------
            $ctrls = array();
            $exop_passwd = ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
            $error_code = ldap_errno($ldap);
            $error_msg = ldap_error($ldap);
            error_log("TEST $error_code / $error_msg / $exop_passwd");
            if (!$exop_passwd) {
                if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                    $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                    if (isset($value['error'])) {
                        $ppolicy_error_code = $value['error'];
                        error_log("LDAP - Ppolicy error code: $ppolicy_error_code");
                    }
                }
            }

Expected result:
----------------
We should have in $error_code the value "19" when password is refused by LDAP directory when it is too short

Actual result:
--------------
Here is the current log:

[Tue Mar 02 23:47:30.736095 2021] [php7:warn] [pid 14066] [client 127.0.0.1:48158] PHP Warning:  ldap_exop_passwd(): Passwd modify extended operation failed: Password fails quality checking policy (19) in /usr/local/ssp/lib/functions.inc.php on line 457, referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736195 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] TEST 0 / Success / , referer: http://ssp.example.com/index.php?action=change
[Tue Mar 02 23:47:30.736228 2021] [php7:notice] [pid 14066] [client 127.0.0.1:48158] LDAP - Ppolicy error code: 6, referer: http://ssp.example.com/index.php?action=change


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-02 23:01 UTC] clement dot oudot at worteks dot com
Forgot to give the exact PHP version:
$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 16:03:35 2021 UTC