[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy (how to get hands on the password policy response)



Howard Chu wrote:
Prakash Velayutham wrote:
Hi,

I would like to know how to enable the password policy controls from the server side. I have ppolicy overlay enabled in my slapd.conf, but when I login as a user whose password has expired (during one of the grace logins enabled in the server standard policy) there are no warnings that show up from the client side. But I do see following messages in the server logs:

Jun 5 17:02:15 ldaptest slapd[11738]: ppolicy_bind: Setting warning for password expiry for cn=Prakash Velayutham,ou=PI-users,dc=cchrf,dc=org = 215 seconds
the result does not show PasswordPolicyControl (1.3.6.1.4.1.42.2.27.8.5.1). Could someone please let me know how to enable this control from the server side? For some reason the control seems to be not supported even with ppolicy overlay enabled.


Thanks,
Prakash

Note: I did see a thread on this topic earlier (http://www.openldap.org/lists/openldap-software/200601/msg00187.html), but there is no follow-up posted to that.

You're mistaken, this message was posted in response to the one you reference, with the correct answer:
http://www.openldap.org/lists/openldap-software/200601/msg00189.html


Thanks Howard. But why does the server not show PasswordPolicyControl as a supportedControl in the ldapsearch command for supported controls? Also when I do ldapsearch with -e ppolicy (as mentioned in the thread you referred), I get nothing related to ppolicy. Here is my command and output.

ldaptest:~ # ldapsearch -x -LLL -e ppolicy "(cn=Prakash Velayutham)" cn
dn: cn=Prakash Velayutham,ou=PI-users,dc=cchrf,dc=org
cn: Prakash Velayutham

In my LDAP server logs, I don't see any warnings etc. Also the output from ldapsearch does not show anything with the password expiry etc., which it is supposed to show.

Any ideas?

Thanks again,
Prakash