I've implemented password policies (ppolicy module) on my LDAP server. It looks like there is no "real" support for this in ldap_integration.

As a first task, it may be very nice to display the "text" field when you receive an err=50 from the LDAP server. Indeed, it's a very useful piece of text returned by the server in order to tell what exactly is the problem. For instance, here's one of my ldap log lines :

Jul 23 12:38:41 xxxx slapd[xxxx]: conn=75708 op=2 RESULT tag=103 err=50 text=Must supply old password to be changed as well as new one

"err=50" means "insufficient access rights", but the "text" field is event more explicit and should be displayed by drupal, in my opinion.

Then, if you want to support even more the password policy module, you should take some actions based on the "text" field (or "tag" which can be used instead... unfortunately, I have not found any documentation on this "tag" thingy) and probably create a specific password change form.

Comments

miglius’s picture

miglius commented

Just displaying the messages won't help as in the case for the old password this is not supported by the ldap_integration. You can setup a password policies on the drupal side instead. Check out the Password Policy drupal module.

cgmonroe’s picture

cgmonroe commented
Status: Active » Closed (won't fix)

Closing because #1 seems to answer request / inactivity.