Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • lemonldap-ng lemonldap-ng
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 329
    • Issues 329
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 13
    • Merge requests 13
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • LemonLDAP NG
  • lemonldap-nglemonldap-ng
  • Issues
  • #2346

Closed
Open
Created Oct 10, 2020 by Dave Conroy@daveconroy

LDAP Password Policy "Password field must be filled"

Environment

LemonLDAP::NG version: 2.0.9

Operating system: Alpine Linux 3.12 (Docker)

Web server: Nginx 1.19.3

Summary

Users unable to change password when expired via Ppolicy

Logs

Returned error: 67 (PE_PASSWORDFORMEMPTY) image

Backends used

LDAP Backend connecting to OpenLDAP 2.4.53

Additional Details

This is very similar to #1910 (closed) #2268 (closed) and potentially #1969 (closed)

We have a fairly basic in terms of complexity LLNG implementation:

Authentication Module: LDAP, Users Module: LDAP, Password Module: LDAP, Register Module: LDAP

LDAP Password Settings: All On with exception of IBM Tivolo DS Support. LDAP Password encoding utf-8, Reset Attribute pwdReset, Reset value TRUE

Macro: _whatToTrace: $_auth eq 'SAML' ? "$_user\@$_idpConfKey" : $_auth eq 'OpenIDConnect' ? "$_user\@$_oidcConnectedRP" : "$_user"

We have tried the fix listed in #1910 (closed) with no success.

Assignee
Assign to
Time tracking