Re: [ldapext] draft-behera-ldap-password-policy - bind behavior when pwd must be changed

To: John McMeeking <jmcmeek@us.ibm.com>
Subject: Re: [ldapext] draft-behera-ldap-password-policy - bind behavior when pwd must be changed
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 17 Nov 2003 09:37:33 +0100
Cc: ldapext@ietf.org
In-reply-to: <OF5E2A74AA.0C607031-ON86256DDE.0072EACD-86256DDE.007402F4@us.ibm.com>
References: <OF5E2A74AA.0C607031-ON86256DDE.0072EACD-86256DDE.007402F4@us.ibm.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007

John McMeeking wrote:


Should the bind procedure be changed to fail if the password must be
changed because of being reset when there is no password policy control?


Yes.

And succeed, with the warning, if the control is present?

No.

I'd be tempted to say even then it should fail,


I agree.

but I'm not sure if clients like JNDI
would be able to handle a control on a failure.


I wouldn't care.

 Or at least this concern
discussed, possibly with the recommendation that servers should provide a
means to chose this behavior?

I would not leave this open to server configuation. There should be exactly one way to do it.

Ciao, Michael.


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- RE: [ldapext] draft-behera-ldap-password-policy - bind behavior when pwd must be changed
  - From: "Andrew Sciberras" <andrews@adacel.com.au>

References:
- [ldapext] draft-behera-ldap-password-policy - bind behavior when pwd must be changed
  - From: John McMeeking <jmcmeek@us.ibm.com>