Linux Archive

Linux Archive (
-   Fedora Directory (
-   -   PasswordExpiringControl, PasswordExpiredControl and DraftBeheraLDAPPasswordPolicy10RequestControl (

Juan Asensio Sánchez 08-28-2012 07:11 AM

PasswordExpiringControl, PasswordExpiredControl and DraftBeheraLDAPPasswordPolicy10RequestControl

We are testing the password policy in the 389DS. Using CentOS 5.5
i386, 389-ds-base 1.2.5. I have enabled the global password policy,
and set 180 days for password expiration, 14 days for warnings, and 3
grace logins. If I do a login before the 14 days befor the password
expiration, the bind is correct. If the bind is done during the 14
days before the password expiration, a PasswordExpiringControl is sent
to the client (verified with a groovy script using the UnboundID LDAP
SDK). After the password expires, the login is successful (without
being sent any control) for 3 times (all correct), and then the bind
is incorrect (error 49, invalid credentials), and also a
PasswordExpiredControl is sent.

My question, shouldn't the server send the PasswordExpiredControl also
during the 3 grace login?

If not, I have tested the
(, and
it looks that is implemented (at least, in part) in 389DS. What is the
status of the implementation of this drafts (yes, I know it is a
draft, but is very useful). I am interested mostly in notifying the
user about its expiring/expired password, or remaining login attempts.
This looks to work in 389DS. Is there any more useful function I can

Regards and thanks in advance.
389 users mailing list

All times are GMT. The time now is 02:49 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.