Re: ppolicy (how to get hands on the password policy response)

[Howard Chu <hyc@symas.com>]

Prakash Velayutham wrote:
> Hi,
>
> I would like to know how to enable the password policy controls from 
> the server side. I have ppolicy overlay enabled in my slapd.conf, but 
> when I login as a user whose password has expired (during one of the 
> grace logins enabled in the server standard policy) there are no 
> warnings that show up from the client side. But I do see following 
> messages in the server logs:
>
> Jun  5 17:02:15 ldaptest slapd[11738]: ppolicy_bind: Setting warning 
> for password expiry for cn=Prakash 
> Velayutham,ou=PI-users,dc=cchrf,dc=org = 215 seconds

> the result does not show PasswordPolicyControl 
> (1.3.6.1.4.1.42.2.27.8.5.1). Could someone please let me know how to 
> enable this control from the server side? For some reason the control 
> seems to be not supported even with ppolicy overlay enabled.
>
> Thanks,
> Prakash
>
> Note: I did see a thread on this topic earlier 
> (http://www.openldap.org/lists/openldap-software/200601/msg00187.html), 
> but there is no follow-up posted to that.
You're mistaken, this message was posted in response to the one you 
reference, with the correct answer:
http://www.openldap.org/lists/openldap-software/200601/msg00189.html

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/