[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP



Shawn McKinney wrote:
When I view the ldap.h file, I find the following
declarations:
/* Password policy Controls */
/* work in progress */
/* ITS#3458: released, but not to latest draft;
disabled by default */
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST
"1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE
"1.3.6.1.4.1.42.2.27.8.5.1"


These controls don't show up in my output above. Must
I enable these controls before client can read the
password policy messages?
The control is automatically enabled when the password policy module is configured on a database. However, since the Password Policy specification is still in flux, we never advertise the existence of the control. See clients/tools/common.c for example code to request the control.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/