[389-devel] q about bug 554887 - Net::LDAP password modify extop breaks; msgid in response is 0xFF

Rich Megginson rmeggins at redhat.com
Mon Jan 25 23:01:07 UTC 2010


https://bugzilla.redhat.com/show_bug.cgi?id=554887

The problem appears to be this - passwd_extop.c line 173:
        /* We copy the connection from the original pblock into the
         * pblock we use for the internal modify operation.  We do
         * this to allow the password policy code to be able to tell
         * that the password change was initiated by the user who
         * sent the extended operation instead of always assuming
         * that it was done by the root DN. */
        pb.pb_conn = pb_orig->pb_conn;
This makes the internal ops think this is a real connection, and 
therefore it attempts to send back the result of the internal operation 
as a real result back to the client:
send_ldap_result_ext() result.c line 357:
    if ( conn == NULL ) {
        if ( operation->o_result_handler != NULL ) {
            operation->o_result_handler( conn, operation, err,
                matched, text, nentries, urls );
            logit = 1;
        }
        goto log_and_return;
    }

I don't think the passwd_extop code should use the entire connection.
I'm thinking that perhaps it should use just the authentication parts of the
connection, for ACI purposes.  Does anyone know exactly what parts of the
conn were needed to fulfill the requirements above?
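
A simplified model of the behaviour described in this message, added here as an illustration; it is not code from 389 Directory Server. The types and functions (conn_t, op_t, pblock_t, send_result, run_passwd_extop), the sample DN and the identity-only alternative are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical, simplified stand-ins for the server's structures. */
typedef struct { const char *bind_dn; int wire_results; } conn_t;
typedef struct op { int handled; void (*result_handler)(struct op *, int); } op_t;
typedef struct { conn_t *conn; op_t *op; const char *requestor_dn; } pblock_t;

static void internal_handler(op_t *op, int err) { (void)err; op->handled++; }

/* Same branch shape as the send_ldap_result_ext() excerpt: a NULL conn means
 * an internal operation; anything else is answered on the wire. */
static void send_result(pblock_t *pb, int err)
{
    if (pb->conn == NULL) {
        if (pb->op->result_handler != NULL)
            pb->op->result_handler(pb->op, err);
        return;
    }
    pb->conn->wire_results++;   /* result PDU goes to the client */
}

/* Run a password-modify extop whose internal modify either borrows the whole
 * connection (share_conn != 0) or carries only the requestor's bind DN.
 * Returns the number of result PDUs the client receives. */
int run_passwd_extop(int share_conn)
{
    conn_t client = { "uid=alice,dc=example,dc=com", 0 };  /* constructed */
    op_t internal_op = { 0, internal_handler };
    pblock_t pb = { NULL, &internal_op, NULL };

    if (share_conn)
        pb.conn = &client;                 /* pb.pb_conn = pb_orig->pb_conn */
    else
        pb.requestor_dn = client.bind_dn;  /* assumed alternative: identity only */

    send_result(&pb, 0);        /* result of the internal modify */
    client.wire_results++;      /* the extended operation's own response */
    return client.wire_results;
}

int main(void)
{
    printf("whole conn copied: %d result(s) on the wire\n", run_passwd_extop(1));
    printf("identity only:     %d result(s) on the wire\n", run_passwd_extop(0));
    return 0;
}
```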

