Ppolicy control should be sent with every request...

handle returns in ldappasswd(1) and ldapwhoami(1).  Likely needs to be
added to other ldap*(1) commands.

clients/tools/common.c

@@ -1279,7 +1279,7 @@ void
 tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 {
 	int i = 0, j, crit = 0, err;
-	LDAPControl c[10], **ctrls;
+	LDAPControl c[12], **ctrls;
 
 	if ( ! ( assertctl
 		|| authzid
@@ -1289,6 +1289,9 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 		|| manageDIT
 		|| manageDSAit
 		|| noop
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+		|| ppolicy
+#endif
 		|| preread
 		|| postread
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
@@ -1391,6 +1394,16 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 		i++;
 	}
 
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+	if ( ppolicy ) {
+		c[i].ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+		BER_BVZERO( &c[i].ldctl_value );
+		c[i].ldctl_iscritical = 0;
+		ctrls[i] = &c[i];
+		i++;
+	}
+#endif
+
 	if ( preread ) {
 		char berbuf[LBER_ELEMENT_SIZEOF];
 		BerElement *ber = (BerElement *)berbuf;
@@ -1691,7 +1704,8 @@ print_ppolicy( LDAP *ld, LDAPControl *ctrl )
 
 		if ( pperr != PP_noError ) {
 			ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
-				"%serror=%s", ptr == buf ? "" : " ",
+				"%serror=%d (%s)", ptr == buf ? "" : " ",
+				pperr,
 				ldap_passwordpolicy_err2txt( pperr ) );
 		}
 

clients/tools/ldappasswd.c

@@ -177,6 +177,7 @@ main( int argc, char *argv[] )
 	char *matcheddn = NULL, *text = NULL, **refs = NULL;
 	char	*retoid = NULL;
 	struct berval *retdata = NULL;
+	LDAPControl **ctrls = NULL;
 
     tool_init( TOOL_PASSWD );
 	prog = lutil_progname( "ldappasswd", argc, argv );
@@ -344,7 +345,7 @@ main( int argc, char *argv[] )
 	}
 
 	rc = ldap_parse_result( ld, res,
-		&code, &matcheddn, &text, &refs, NULL, 0 );
+		&code, &matcheddn, &text, &refs, &ctrls, 0 );
 	if( rc != LDAP_SUCCESS ) {
 		tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL );
 		rc = EXIT_FAILURE;
@@ -386,7 +387,10 @@ main( int argc, char *argv[] )
 			" new password expected", NULL, NULL, NULL );
 	}
 
-	if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
+skip:
+	if( verbose || code != LDAP_SUCCESS ||
+		matcheddn || text || refs || ctrls )
+	{
 		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
 
 		if( text && *text ) {
@@ -403,6 +407,11 @@ main( int argc, char *argv[] )
 				printf(_("Referral: %s\n"), refs[i] );
 			}
 		}
+
+		if( ctrls ) {
+			tool_print_ctrls( ld, ctrls );
+			ldap_controls_free( ctrls );
+		}
 	}
 
 	ber_memfree( text );

clients/tools/ldapwhoami.c

@@ -118,6 +118,7 @@ main( int argc, char *argv[] )
 	struct berval	*retdata = NULL;
 	int		id, code = 0;
 	LDAPMessage	*res;
+	LDAPControl	**ctrls = NULL;
 
 	tool_init( TOOL_WHOAMI );
 	prog = lutil_progname( "ldapwhoami", argc, argv );
@@ -186,7 +187,7 @@ main( int argc, char *argv[] )
 	}
 
 	rc = ldap_parse_result( ld, res,
-		&code, &matcheddn, &text, &refs, NULL, 0 );
+		&code, &matcheddn, &text, &refs, &ctrls, 0 );
 
 	if ( rc == LDAP_SUCCESS ) {
 		rc = code;
@@ -214,7 +215,10 @@ main( int argc, char *argv[] )
 		}
 	}
 
-	if( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs ) {
+skip:
+	if ( verbose || ( code != LDAP_SUCCESS ) ||
+		matcheddn || text || refs || ctrls )
+	{
 		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
 
 		if( text && *text ) {
@@ -231,6 +235,11 @@ main( int argc, char *argv[] )
 				printf(_("Referral: %s\n"), refs[i] );
 			}
 		}
+
+		if (ctrls) {
+			tool_print_ctrls( ld, ctrls );
+			ldap_controls_free( ctrls );
+		}
 	}
 
 	ber_memfree( text );
@@ -239,7 +248,6 @@ main( int argc, char *argv[] )
 	ber_memfree( retoid );
 	ber_bvfree( retdata );
 
-skip:
 	/* disconnect from server */
 	tool_unbind( ld );
 	tool_destroy();