Issue 5389 - Contribution: JLDAP support for password policy response control
Summary: Contribution: JLDAP support for password policy response control
Status: UNCONFIRMED
Alias: None
Product: JLDAP
Classification: Unclassified
Component: JLDAP
Version: unspecified
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2008-02-26 00:42 UTC by t2tre@skyblue.eu.com
Modified: 2020-03-18 20:48 UTC
Description t2tre@skyblue.eu.com 2008-02-26 00:42:19 UTC
Full_Name: Raymond Edah
Version: JLDAP CVS HEAD
OS: Windows
URL: http://www.cs.skyblue.eu.com/ray/code/LDAPPasswordPolicyResponse.tar.gz
Submission from: (NULL) (81.3.106.202)


Hi,

I have written a class for handling the password policy response control as
described in draft-behera-ldap-password-policy-09.txt. I would like to
contribute it to the OpenLDAP project. A copy of the code can be found at
http://www.cs.skyblue.eu.com/ray/code/LDAPPasswordPolicyResponse.tar.gz.

Regards,
Ray Edah

Comment 1 Howard Chu 2008-03-20 10:16:22 UTC
moved from Incoming to Contrib

Comment 2 Rastogi Arpit 2009-04-24 10:11:15 UTC
Hi Raymond,

   This is just for my understanding. Is the Password Policy response a standard? What is the requirement for this particular feature to be present in JLDAP? What is this feature and how can it be used?
   We can take it in if this is a standard, but if this is not a standard then we cannot take it in, as this will make the code bulkier.
 
regards,
Arpit 

Comment 3 t2tre@skyblue.eu.com 2009-04-28 23:24:32 UTC
Rastogi Arpit wrote:
> Hi Raymond,
>
Hi Arpit,

>    This is just for my understanding. Is the Password Policy response a
> standard? What is the requirement for this particular feature to be
> present in JLDAP? What is this feature and how can it be used?
>    We can take it in if this is a standard, but if this is not a standard
> then we cannot take it in, as this will make the code bulkier.

The Password Policy control is based on the IETF password policy proposal
for LDAP. The following URLs provide more detail on it:

https://datatracker.ietf.org/drafts/draft-behera-ldap-password-policy/ 
http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt

Essentially, the code I've provided allows users of JLDAP to send password
policy request control messages and interpret the directory server's
responses. It can be used in the following instances:

* At bind time where the directory server can indicate whether the 
user's account is about to expire, has expired, or is locked.
   * If the account is about to expire, how long before this occurs.
   * If the account has expired, how many grace logins are left before 
the account is locked out.
* At password reset time where the directory server can indicate whether 
the new password meets password policy requirements including:
   * Whether the password is strong enough.
   * Whether the new password set is one that has already been used.
These and more are described in the URLs I have provided.

Although it is an expired draft, it is supported by OpenLDAP (in slapd 
via the slapo-ppolicy overlay and is also supported by the ldapsearch 
client). It is also supported by the following LDAP servers (there may 
be more but these are the ones I do use):

CA/eTrust directory
OpenDS
SunONE directory
IBM Tivoli directory server

The functionality provided by the code I've written is also available in 
other programming languages (Perl via Net::LDAP and in other Java LDAP 
libraries).

>  
> regards,
> Arpit

regards
Ray


-- 
Raymond B. Edah
e-mail: t2tre ^ skyblue.eu.com
web:    http://www.cs.skyblue.eu.com
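
The response control described in Comment 3, shown as an added example that is not part of this thread and is not the contributed JLDAP class: a decoder for the control value defined in draft-behera-ldap-password-policy-09. It is written in Python rather than JLDAP's Java so it runs without the library; the function names and sample byte strings are constructed for illustration.

```python
# Added example, not the contributed JLDAP class: decodes the value of the
# password policy response control from draft-behera-ldap-password-policy-09.
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"   # control type, request and response
ERRORS = ["passwordExpired", "accountLocked", "changeAfterReset",
          "passwordModNotAllowed", "mustSupplyOldPassword",
          "insufficientPasswordQuality", "passwordTooShort",
          "passwordTooYoung", "passwordInHistory"]

def read_tlv(buf, pos):
    """Return (tag, value bytes, next offset) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the byte count
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_ppolicy_response(value):
    """Decode PasswordPolicyResponseValue into a dict; absent fields are None."""
    out = {"timeBeforeExpiration": None, "graceAuthNsRemaining": None, "error": None}
    tag, body, end = read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected a single SEQUENCE")
    names = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}
    pos = 0
    while pos < len(body):
        tag, content, pos = read_tlv(body, pos)
        if tag == 0xA0:                     # warning [0]: wrapper around a CHOICE
            choice, number, used = read_tlv(content, 0)
            if choice not in names or used != len(content) or not number:
                raise ValueError("malformed warning")
            out[names[choice]] = int.from_bytes(number, "big")
        elif tag == 0x81 and len(content) == 1 and content[0] < len(ERRORS):
            out["error"] = ERRORS[content[0]]   # error [1]: ENUMERATED
        else:
            raise ValueError("unexpected element 0x%02x" % tag)
    return out

# Constructed sample control values (not captured from a real server).
EXPIRING = bytes.fromhex("3006a00480020e10")   # password expires in 3600 seconds
GRACE = bytes.fromhex("3005a003810102")        # expired, 2 grace logins remain
LOCKED = bytes.fromhex("3003810101")           # accountLocked
REUSED = bytes.fromhex("3003810108")           # passwordInHistory on a change
```

A client would call the decoder only on a response control whose type equals `PPOLICY_OID`; an empty SEQUENCE means the server had no warning or error to report.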