diff --git a/clients/tools/common.c b/clients/tools/common.c index a881d6e52e..99f0807d28 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -1279,7 +1279,7 @@ void tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count ) { int i = 0, j, crit = 0, err; - LDAPControl c[10], **ctrls; + LDAPControl c[12], **ctrls; if ( ! ( assertctl || authzid @@ -1289,6 +1289,9 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count ) || manageDIT || manageDSAit || noop +#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST + || ppolicy +#endif || preread || postread #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR @@ -1391,6 +1394,16 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count ) i++; } +#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST + if ( ppolicy ) { + c[i].ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + BER_BVZERO( &c[i].ldctl_value ); + c[i].ldctl_iscritical = 0; + ctrls[i] = &c[i]; + i++; + } +#endif + if ( preread ) { char berbuf[LBER_ELEMENT_SIZEOF]; BerElement *ber = (BerElement *)berbuf; @@ -1691,7 +1704,8 @@ print_ppolicy( LDAP *ld, LDAPControl *ctrl ) if ( pperr != PP_noError ) { ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), - "%serror=%s", ptr == buf ? "" : " ", + "%serror=%d (%s)", ptr == buf ? "" : " ", + pperr, ldap_passwordpolicy_err2txt( pperr ) ); } diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 9e0cbbd206..36b148de5b 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -177,6 +177,7 @@ main( int argc, char *argv[] ) char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; + LDAPControl **ctrls = NULL; tool_init( TOOL_PASSWD ); prog = lutil_progname( "ldappasswd", argc, argv ); @@ -344,7 +345,7 @@ main( int argc, char *argv[] ) } rc = ldap_parse_result( ld, res, - &code, &matcheddn, &text, &refs, NULL, 0 ); + &code, &matcheddn, &text, &refs, &ctrls, 0 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; @@ -386,7 +387,10 @@ main( int argc, char *argv[] ) " new password expected", NULL, NULL, NULL ); } - if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) { +skip: + if( verbose || code != LDAP_SUCCESS || + matcheddn || text || refs || ctrls ) + { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { @@ -403,6 +407,11 @@ main( int argc, char *argv[] ) printf(_("Referral: %s\n"), refs[i] ); } } + + if( ctrls ) { + tool_print_ctrls( ld, ctrls ); + ldap_controls_free( ctrls ); + } } ber_memfree( text ); diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c index 7d20097848..158f2a3206 100644 --- a/clients/tools/ldapwhoami.c +++ b/clients/tools/ldapwhoami.c @@ -118,6 +118,7 @@ main( int argc, char *argv[] ) struct berval *retdata = NULL; int id, code = 0; LDAPMessage *res; + LDAPControl **ctrls = NULL; tool_init( TOOL_WHOAMI ); prog = lutil_progname( "ldapwhoami", argc, argv ); @@ -186,7 +187,7 @@ main( int argc, char *argv[] ) } rc = ldap_parse_result( ld, res, - &code, &matcheddn, &text, &refs, NULL, 0 ); + &code, &matcheddn, &text, &refs, &ctrls, 0 ); if ( rc == LDAP_SUCCESS ) { rc = code; @@ -214,7 +215,10 @@ main( int argc, char *argv[] ) } } - if( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs ) { +skip: + if ( verbose || ( code != LDAP_SUCCESS ) || + matcheddn || text || refs || ctrls ) + { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { @@ -231,6 +235,11 @@ main( int argc, char *argv[] ) printf(_("Referral: %s\n"), refs[i] ); } } + + if (ctrls) { + tool_print_ctrls( ld, ctrls ); + ldap_controls_free( ctrls ); + } } ber_memfree( text ); @@ -239,7 +248,6 @@ main( int argc, char *argv[] ) ber_memfree( retoid ); ber_bvfree( retdata ); -skip: /* disconnect from server */ tool_unbind( ld ); tool_destroy();