Catch LDAP constraint violation
authorAlan T. DeKok <aland@freeradius.org>
Mon, 30 Aug 2010 13:18:48 +0000 (15:18 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 30 Aug 2010 13:36:31 +0000 (15:36 +0200)
closed bug #18

src/modules/rlm_ldap/rlm_ldap.c

index c5ef9f0..205bd3a 100644 (file)
@@ -1719,7 +1719,9 @@ static int ldap_authorize(void *instance, REQUEST * request)
        */
        if (debug_flag > 1) {
               if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0) &&
-                  !pairfind(request->config_items, PW_USER_PASSWORD, 0)) {
+                  !pairfind(request->config_items, PW_USER_PASSWORD, 0) &&
+                  !pairfind(request->config_items, PW_PASSWORD_WITH_HEADER, 0) &&
+                  !pairfind(request->config_items, PW_CRYPT_PASSWORD, 0)) {
                       DEBUG("WARNING: No \"known good\" password was found in LDAP.  Are you sure that the user is configured correctly?");
               }
        }
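Review bot: The extended `pairfind` chain still reports no "known good" password when the only attribute retrieved from the directory is another hash type, for example `PW_NT_PASSWORD` or `PW_LM_PASSWORD` where the attribute map supplies them. The warning can therefore mislead someone debugging such a setup. Consider adding those checks to the chain, or rewording the message to name the attribute types that were actually looked for. `ldap_authorize` starts and ends outside this hunk, so handling of these attributes elsewhere in the function is not visible here.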
@@ -2488,6 +2490,14 @@ static LDAP *ldap_connect(void *instance, const char *dn, const char *password,
                }
                break;
 
+       case LDAP_CONSTRAINT_VIOLATION:
+               DEBUG("rlm_ldap: Bind failed with constraint violation");
+               *result = RLM_MODULE_REJECT;
+               if(err != NULL){
+                       ldap_get_option(ld, LDAP_OPT_ERROR_STRING, err);
+               }
+               break;
+
        default:
                if (inst->is_url) {
                        radlog(L_ERR,"  [%s] %s bind to %s failed %s", inst->xlat_name,
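Review bot: The return value of `ldap_get_option(ld, LDAP_OPT_ERROR_STRING, err)` in the new `LDAP_CONSTRAINT_VIOLATION` case is ignored, so on failure `*err` keeps whatever the caller left in it and may later be read or freed as if it were a server message. Something like `if (err != NULL && ldap_get_option(ld, LDAP_OPT_ERROR_STRING, err) != LDAP_OPT_SUCCESS) *err = NULL;` avoids that. The returned string is presumably owned by the caller, and since the release is not visible here, a one-line comment saying who frees it would help. The rejection is also reported only through `DEBUG` and without `inst->xlat_name` or the bind DN, unlike the `radlog(L_ERR, ...)` in the `default` branch, so a policy-driven rejection such as an account lockout would leave no trace in production logs. `ldap_connect` continues outside the hunk.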