Skip to content

GitLab

Open
Created by Dave Conroy@daveconroy

LDAP Password Policy "Password field must be filled"

Environment

LemonLDAP::NG version: 2.0.9

Operating system: Alpine Linux 3.12 (Docker)

Web server: Nginx 1.19.3

Summary

Users unable to change password when expired via Ppolicy

Logs

Returned error: 67 (PE_PASSWORDFORMEMPTY) image

Backends used

LDAP Backend connecting to OpenLDAP 2.4.53

Additional Details

This is very similar to #1910 (closed) #2268 (closed) and potentially #1969 (closed)

We have a fairly basic in terms of complexity LLNG implementation:

Authentication Module: LDAP, Users Module: LDAP, Password Module: LDAP, Register Module: LDAP

LDAP Password Settings: All On with exception of IBM Tivolo DS Support. LDAP Password encoding utf-8, Reset Attribute pwdReset, Reset value TRUE

Macro: _whatToTrace: $_auth eq 'SAML' ? "$_user\@$_idpConfKey" : $_auth eq 'OpenIDConnect' ? "$_user\@$_oidcConnectedRP" : "$_user"

We have tried the fix listed in #1910 (closed) with no success.