Logged in as guest
Viewing Contrib/5389 Full headers
Major security issue: yes no
Notes: Notification:
Date: Tue, 26 Feb 2008 00:42:19 GMT From: t2tre@skyblue.eu.com To: openldap-its@OpenLDAP.org Subject: Contribution: JLDAP support for password policy response control
Full_Name: Raymond Edah Version: JLDAP CVS HEAD OS: Windows URL: http://www.cs.skyblue.eu.com/ray/code/LDAPPasswordPolicyResponse.tar.gz Submission from: (NULL) (81.3.106.202) Hi, I have written a class for handling the password policy response control as described in draft-behera-ldap-password-policy-09.txt. I would like to contribute it to the OpenLDAP project. A copy of the code can be found at http://www.cs.skyblue.eu.com/ray/code/LDAPPasswordPolicyResponse.tar.gz. Regards, Ray Edah
Date: Fri, 24 Apr 2009 04:11:15 -0600 From: "Rastogi Arpit" <rarpit@novell.com> To: <openldap-its@OpenLDAP.org>, <t2tre@skyblue.eu.com> Cc: "Rajkumar V" <VRAJKUMAR@novell.com> Subject: Re: (ITS#5389) Contribution: JLDAP support for password policy response control
--=__Part133BA653.0__= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable hi Raymond , =20 This is just for my understanding . Is Password Policy response is a = standard ? What is the requirement of this particular feature to be = present in JLDAP? What is this feature and how it can be used ?=20 We can take it in if this is a standard but if this is not a standard = than we cannot take this in as this will make the code bulkier.=20 =20 regards, Arpit=20 --=__Part133BA653.0__= Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Description: HTML <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-15= "> <META content=3D"MSHTML 6.00.2900.3492" name=3DGENERATOR></HEAD> <BODY style=3D"MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI"> <DIV>hi Raymond ,</DIV> <DIV> </DIV> <DIV> This is just for my understanding . Is Password Policy = response is a standard ? What is the requirement of this particular = feature to be present in JLDAP? What is this feature and how it can be = used ? </DIV> <DIV> We can take it in if this is a standard but if this is = not a standard than we cannot take this in as this will make the code = bulkier. </DIV> <DIV> </DIV> <DIV>regards,<BR>Arpit </DIV></BODY></HTML> --=__Part133BA653.0__=--
Date: Wed, 29 Apr 2009 00:24:32 +0100 From: "Raymond B. Edah" <t2tre@skyblue.eu.com> To: Rastogi Arpit <rarpit@novell.com> CC: openldap-its@OpenLDAP.org, Rajkumar V <VRAJKUMAR@novell.com> Subject: Re: (ITS#5389) Contribution: JLDAP support for password policy response control
Rastogi Arpit wrote: > hi Raymond , > Hi Arpit, > This is just for my understanding . Is Password Policy response is a > standard ? What is the requirement of this particular feature to be > present in JLDAP? What is this feature and how it can be used ? > We can take it in if this is a standard but if this is not a standard > than we cannot take this in as this will make the code bulkier. The Password Policy control is based the IETF password policy proposal for LDAP. The following URLs provide more detail on it: https://datatracker.ietf.org/drafts/draft-behera-ldap-password-policy/ http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt Essentially the code I've provided allows users of JLDAP send password policy request control messages and interpret the directory server responses. It can be used in the following instances: * At bind time where the directory server can indicate whether the user's account is about to expire, has expired, or is locked. * If the account is about to expire, how long before this occurs. * If the account has expired, how many grace logins are left before the account is locked out. * At password reset time where the directory server can indicate whether the new password meets password policy requirements including: * Whether the password is strong enough. * Whether the new password set is one that has already been used. These and more are described in the URLs I have provided. Although it is an expired draft, it is supported by OpenLDAP (in slapd via the slapo-ppolicy overlay and is also supported by the ldapsearch client). It is also supported by the following LDAP servers (there may be more but these are the ones I do use): CA/eTrust directory OpenDS SunONE directory IBM Tivoli directory server The functionality provided by the code I've written is also available in other programming languages (Perl via Net::LDAP and in other Java LDAP libraries). > > regards, > Arpit regards Ray -- Raymond B. Edah e-mail: t2tre ^ skyblue.eu.com web: http://www.cs.skyblue.eu.com
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
