ppolicy (how to get hands on the password policy response)
Hi,
I would like to know how to enable the password policy controls from the
server side. I have the ppolicy overlay enabled in my slapd.conf, but when I
log in as a user whose password has expired (during one of the grace
logins enabled in the server standard policy), no warnings
show up on the client side. But I do see the following messages in the
server logs:
Jun 5 17:02:15 ldaptest slapd[11738]: ppolicy_bind: Setting warning for password expiry for cn=Prakash Velayutham,ou=PI-users,dc=cchrf,dc=org = 215 seconds
When I do
ldapsearch -b "" -s base "" supportedControl supportedExtension supportedFeatures
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedControl supportedExtension supportedFeatures
#
#
dn:
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The result does not show PasswordPolicyControl
(1.3.6.1.4.1.42.2.27.8.5.1). Could someone please let me know how to
enable this control from the server side? For some reason the control
seems not to be supported even with the ppolicy overlay enabled.
Thanks,
Prakash
Note: I did see a thread on this topic earlier
(http://www.openldap.org/lists/openldap-software/200601/msg00187.html),
but there is no follow-up posted to that.