[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quanah Gibson-Mount wrote:
> 
> 
> --On Tuesday, August 23, 2005 6:17 AM -0700 Shawn McKinney
> <smmtech2@sbcglobal.net> wrote:
> 
>> --- Howard Chu <hyc@symas.com> wrote:
>>
>>> The list of supportedControls is in the rootDSE.
>>>
>>> ldapsearch -x -b "" -s base -H ldap:// +
>>>
>>
>> Howard, when I run the command as you described I get
>> this from directory:
> 
> 
> 
> Did you give yourself anonymous access to the root DSE?  This is
> generally suggested.
> 
> 
> tribes:~> ldapsearch -LLL -x -h ldap-test1 -b "" -s base +
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> namingContexts: dc=stanford,dc=edu
> monitorContext: cn=Monitor
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.2.840.113556.1.4.1340
> supportedControl: 1.2.840.113556.1.4.1413
> supportedControl: 1.2.840.113556.1.4.1339
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.334810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: GSSAPI
> entryDN:
> subschemaSubentry: cn=Subschema

But, according to the draft, the control for ppolicy is
1.3.6.1.4.1.42.2.27.8.5.1 ... my 2.3.5 box with ppolicy enabled also
doesn't display this control ...


> for example from my systems running OpenLDAP 2.3.6
> 
>> Which doesn't tell me what extended controls are
>> supported in this directory.  Am I still doing
>> something wrong here?
> 
> 
> See above.
> 
>> How do I configure the directory to have
>> password-policy server-side controls sent back to the
>> client?
> 
> 
> Use the ppolicy overlay, I'm guessing.

Still leaves some questions unanswered ... or am I missing something?

Regards,
Buchan

- --
Buchan Milne                              Systems Architect
Obsidian Systems                  http://www.obsidian.co.za
B.Eng          RHCE (803004789010797),LPIC-1 (LPI000074592)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDC0xArJK6UGDSBKcRAnlKAJ0XNIxIaO8WV5VnleDpAZv9y5IGJgCcCtIa
ucX1aVNbWBKpx5Zuy47xsCA=
=lC58
-----END PGP SIGNATURE-----