[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: [ldapext] Returning the Password Policy Control

To: "'John McMeeking'" <jmcmeek@us.ibm.com>
Subject: RE: [ldapext] Returning the Password Policy Control
From: "Andrew Sciberras" <andrews@adacel.com.au>
Date: Fri, 5 Sep 2003 08:02:16 +1000
Cc: <ldapext@ietf.org>
Importance: Normal
In-reply-to: <OFEBD07462.72D064B1-ON86256D97.003FDC8A-86256D97.0043E71D@us.ibm.com>

Hi John!

>One way to accomplish this is to define
>an operational attribute, say passwordPolicySubentry, that names the
>password policy subentry(ies?) that governs the entry.  The administrator /
>auditor should have authority to read the password policy entry.
>It might be appropriate to have password policy define the
>passwordPolicySubentry attribute, and have something like the subentry
>draft define an extended operation to determine if a given subentry applies
>to a given entry.

The password policy does define an operational attribute called
pwdPolicySubentry which points to the pwdPolicy subentry in effect for the
given entry.
And your absolutely right, anyone could use this attribute to identify the
exact details of the passsword policy being applied to the various
attributes within the entry.

I guess my question now is, if the intention of the password policy response
control is purely to convey error and warning information, what is the point
of returning a response control without any information?
After a quick glace at the draft, this apears to occur in the Bind and
Compare operations.

>
>John  McMeeking
>

Cheers,
Andrew Sciberras


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- RE: [ldapext] Returning the Password Policy Control
  - From: John McMeeking <jmcmeek@us.ibm.com>

Prev by Date: Re: [ldapext] Password Policy - locking accounts
Next by Date: RE: [ldapext] Password Policy - locking accounts
Index(es):
- Chronological
- Thread