[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP

To: Shawn McKinney <smmtech2@sbcglobal.net>, openldap-software@OpenLDAP.org
Subject: Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 23 Aug 2005 08:18:55 -0700
Content-disposition: inline
In-reply-to: <20050823131724.98858.qmail@web80705.mail.yahoo.com>
References: <20050823131724.98858.qmail@web80705.mail.yahoo.com>

--On Tuesday, August 23, 2005 6:17 AM -0700 Shawn McKinney <smmtech2@sbcglobal.net> wrote:

--- Howard Chu <hyc@symas.com> wrote:

The list of supportedControls is in the rootDSE.

ldapsearch -x -b "" -s base -H ldap:// +


Howard, when I run the command as you described I get
this from directory:

Did you give yourself anonymous access to the root DSE? This is generally suggested.


tribes:~> ldapsearch -LLL -x -h ldap-test1 -b "" -s base +
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=stanford,dc=edu
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
entryDN:
subschemaSubentry: cn=Subschema

for example from my systems running OpenLDAP 2.3.6

Which doesn't tell me what extended controls are
supported in this directory.  Am I still doing
something wrong here?


See above.

How do I configure the directory to have
password-policy server-side controls sent back to the
client?


Use the ppolicy overlay, I'm guessing.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

Follow-Ups:
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Shawn McKinney <smmtech2@sbcglobal.net>
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Buchan Milne <bgmilne@obsidian.co.za>

References:
- Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP
  - From: Shawn McKinney <smmtech2@sbcglobal.net>

Prev by Date: Re: ldap backup
Next by Date: Re: logging failed binds
Index(es):
- Chronological
- Thread