[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ppolicy (how to get hands on the password policy response)
Howard Chu wrote:
Prakash Velayutham wrote:
Hi,
I would like to know how to enable the password policy controls from
the server side. I have ppolicy overlay enabled in my slapd.conf, but
when I login as a user whose password has expired (during one of the
grace logins enabled in the server standard policy) there are no
warnings that show up from the client side. But I do see following
messages in the server logs:
Jun 5 17:02:15 ldaptest slapd[11738]: ppolicy_bind: Setting warning
for password expiry for cn=Prakash
Velayutham,ou=PI-users,dc=cchrf,dc=org = 215 seconds
the result does not show PasswordPolicyControl
(1.3.6.1.4.1.42.2.27.8.5.1). Could someone please let me know how to
enable this control from the server side? For some reason the control
seems to be not supported even with ppolicy overlay enabled.
Thanks,
Prakash
Note: I did see a thread on this topic earlier
(http://www.openldap.org/lists/openldap-software/200601/msg00187.html),
but there is no follow-up posted to that.
You're mistaken, this message was posted in response to the one you
reference, with the correct answer:
http://www.openldap.org/lists/openldap-software/200601/msg00189.html
Thanks Howard. But why does the server not show PasswordPolicyControl as
a supportedControl in the ldapsearch command for supported controls?
Also when I do ldapsearch with -e ppolicy (as mentioned in the thread
you referred), I get nothing related to ppolicy. Here is my command and
output.
ldaptest:~ # ldapsearch -x -LLL -e ppolicy "(cn=Prakash Velayutham)" cn
dn: cn=Prakash Velayutham,ou=PI-users,dc=cchrf,dc=org
cn: Prakash Velayutham
In my LDAP server logs, I don't see any warnings etc. Also the output
from ldapsearch does not show anything with the password expiry etc.,
which it is supposed to show.
Any ideas?
Thanks again,
Prakash