[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, August 23, 2005 6:17 AM -0700 Shawn McKinney
> <smmtech2@sbcglobal.net> wrote:
>
>> --- Howard Chu <hyc@symas.com> wrote:
>>
>>> The list of supportedControls is in the rootDSE.
>>>
>>> ldapsearch -x -b "" -s base -H ldap:// +
>>>
>>
>> Howard, when I run the command as you described I get
>> this from directory:
>
>
>
> Did you give yourself anonymous access to the root DSE? This is
> generally suggested.
>
>
> tribes:~> ldapsearch -LLL -x -h ldap-test1 -b "" -s base +
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> namingContexts: dc=stanford,dc=edu
> monitorContext: cn=Monitor
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.2.840.113556.1.4.1340
> supportedControl: 1.2.840.113556.1.4.1413
> supportedControl: 1.2.840.113556.1.4.1339
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.334810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: GSSAPI
> entryDN:
> subschemaSubentry: cn=Subschema
But, according to the draft, the control for ppolicy is
1.3.6.1.4.1.42.2.27.8.5.1 ... my 2.3.5 box with ppolicy enabled also
doesn't display this control ...
> for example from my systems running OpenLDAP 2.3.6
>
>> Which doesn't tell me what extended controls are
>> supported in this directory. Am I still doing
>> something wrong here?
>
>
> See above.
>
>> How do I configure the directory to have
>> password-policy server-side controls sent back to the
>> client?
>
>
> Use the ppolicy overlay, I'm guessing.
Still leaves some questions unanswered ... or am I missing something?
Regards,
Buchan
- --
Buchan Milne Systems Architect
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797),LPIC-1 (LPI000074592)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDC0xArJK6UGDSBKcRAnlKAJ0XNIxIaO8WV5VnleDpAZv9y5IGJgCcCtIa
ucX1aVNbWBKpx5Zuy47xsCA=
=lC58
-----END PGP SIGNATURE-----