set-password extended operation encoding error

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I Stripped the ldap portion of the script to make the extended 
request look like the one ldappasswd.c (from the OpenLDAP distribution)
is sending so it's now just:

   $mesg = $ld->bind($LDAP_ENTRYDN, password => $OLD_PASSWORD);
   if ($mesg->code)
   {
      print STDERR "UNDEF ............ $prgname (Bind failed. ",$mesg->error,")
\n";
      admind_close();
      exit;
   }

   $passwdModReq = Convert::ASN1->new;
   $passwdModReq->prepare(q<SEQUENCE {
                       newPasswd    [1] STRING OPTIONAL
                       }>);

   $passwdModRes = Convert::ASN1->new;
   $passwdModRes->prepare(q<SEQUENCE {
                       genPasswd    [0] STRING OPTIONAL
                       }>);

   # Now construct the arguments
   $val = $passwdModReq->encode( newPasswd => 'Secretmd5' );

   # Now send the operation
   $res = $ld->extension(name => '1.3.6.1.4.1.4203.1.11.1', value => $val);

Here is the hex dump of a ldappasswd request that succeeds:

30 2c 02 01 02 77 27 80  17 31 2e 33 2e 36 2e 31   0,...w'..1.3.6.1  
2e 34 2e 31 2e 34 32 30  33 2e 31 2e 31 31 2e 31   .4.1.4203.1.11.1  
81 0c 30 0a 82 08 50 61  75 6c 30 30 30 35         ..0...Paul0005 

And here is one that fails from the extension method in Net::LDAP

30 2D 02 01 02 77 28 80 17 31 2E 33 2E 36 2E 31 0-...w(..1.3.6.1
2E 34 2E 31 2E 34 32 30 33 2E 31 2E 31 31 2E 31 .4.1.4203.1.11.1
81 0D 30 0B 81 09 53 65 63 72 65 74 6D 64 35 __ ..0...Secretmd5

This does look like an encoding error to me.

--Darryl
Darryl C Price
Conversant Systems, LLC
Email:  da...@co...
Phone:  (513)768-3120
Mobile: (513)225-8528
Web:    http://www.convsys.com