Re: ppolicy (how to get hands on the password policy response)

[Prakash Velayutham <prakash.velayutham@cchmc.org>]

Howard Chu wrote:
> Prakash Velayutham wrote:
> > Hi,
> >
> > I would like to know how to enable the password policy controls from 
> > the server side. I have ppolicy overlay enabled in my slapd.conf, but 
> > when I login as a user whose password has expired (during one of the 
> > grace logins enabled in the server standard policy) there are no 
> > warnings that show up from the client side. But I do see following 
> > messages in the server logs:
> >
> > Jun  5 17:02:15 ldaptest slapd[11738]: ppolicy_bind: Setting warning 
> > for password expiry for cn=Prakash 
> > Velayutham,ou=PI-users,dc=cchrf,dc=org = 215 seconds
> > the result does not show PasswordPolicyControl 
> > (1.3.6.1.4.1.42.2.27.8.5.1). Could someone please let me know how to 
> > enable this control from the server side? For some reason the control 
> > seems to be not supported even with ppolicy overlay enabled.
> >
> > Thanks,
> > Prakash
> >
> > Note: I did see a thread on this topic earlier 
> > (http://www.openldap.org/lists/openldap-software/200601/msg00187.html), 
> > but there is no follow-up posted to that.
> You're mistaken, this message was posted in response to the one you 
> reference, with the correct answer:
> http://www.openldap.org/lists/openldap-software/200601/msg00189.html
Thanks Howard. But why does the server not show PasswordPolicyControl as 
a supportedControl in the ldapsearch command for supported controls? 
Also when I do ldapsearch with -e ppolicy (as mentioned in the thread 
you referred), I get nothing related to ppolicy. Here is my command and 
output.

ldaptest:~ # ldapsearch -x -LLL -e ppolicy "(cn=Prakash Velayutham)" cn
dn: cn=Prakash Velayutham,ou=PI-users,dc=cchrf,dc=org
cn: Prakash Velayutham

In my LDAP server logs, I don't see any warnings etc. Also the output 
from ldapsearch does not show anything with the password expiry etc., 
which it is supposed to show.

Any ideas?

Thanks again,
Prakash