[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Tue, 23 Aug 2005 18:18:08 +0200
Cc: Shawn McKinney <smmtech2@sbcglobal.net>, openldap-software@OpenLDAP.org
In-reply-to: <8944D5D503050324B2CE94B1@cadabra-dsl.stanford.edu>
References: <20050823131724.98858.qmail@web80705.mail.yahoo.com> <8944D5D503050324B2CE94B1@cadabra-dsl.stanford.edu>
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050322)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quanah Gibson-Mount wrote:
> 
> 
> --On Tuesday, August 23, 2005 6:17 AM -0700 Shawn McKinney
> <smmtech2@sbcglobal.net> wrote:
> 
>> --- Howard Chu <hyc@symas.com> wrote:
>>
>>> The list of supportedControls is in the rootDSE.
>>>
>>> ldapsearch -x -b "" -s base -H ldap:// +
>>>
>>
>> Howard, when I run the command as you described I get
>> this from directory:
> 
> 
> 
> Did you give yourself anonymous access to the root DSE?  This is
> generally suggested.
> 
> 
> tribes:~> ldapsearch -LLL -x -h ldap-test1 -b "" -s base +
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> namingContexts: dc=stanford,dc=edu
> monitorContext: cn=Monitor
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.2.840.113556.1.4.1340
> supportedControl: 1.2.840.113556.1.4.1413
> supportedControl: 1.2.840.113556.1.4.1339
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.334810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: GSSAPI
> entryDN:
> subschemaSubentry: cn=Subschema

But, according to the draft, the control for ppolicy is
1.3.6.1.4.1.42.2.27.8.5.1 ... my 2.3.5 box with ppolicy enabled also
doesn't display this control ...


> for example from my systems running OpenLDAP 2.3.6
> 
>> Which doesn't tell me what extended controls are
>> supported in this directory.  Am I still doing
>> something wrong here?
> 
> 
> See above.
> 
>> How do I configure the directory to have
>> password-policy server-side controls sent back to the
>> client?
> 
> 
> Use the ppolicy overlay, I'm guessing.

Still leaves some questions unanswered ... or am I missing something?

Regards,
Buchan

- --
Buchan Milne                              Systems Architect
Obsidian Systems                  http://www.obsidian.co.za
B.Eng          RHCE (803004789010797),LPIC-1 (LPI000074592)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDC0xArJK6UGDSBKcRAnlKAJ0XNIxIaO8WV5VnleDpAZv9y5IGJgCcCtIa
ucX1aVNbWBKpx5Zuy47xsCA=
=lC58
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Shawn McKinney <smmtech2@sbcglobal.net>
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
Next by Date: Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
Index(es):
- Chronological
- Thread