Re: Enabling Password Policy Messages via Extended Controls in OpenLDAP

--On Tuesday, August 23, 2005 6:17 AM -0700 Shawn McKinney <smmtech2@sbcglobal.net> wrote:

--- Howard Chu <hyc@symas.com> wrote:
The list of supportedControls is in the rootDSE.

ldapsearch -x -b "" -s base -H ldap:// +

Howard, when I run the command as you described I get this from directory:

Did you give yourself anonymous access to the root DSE? This is generally suggested.

tribes:~> ldapsearch -LLL -x -h ldap-test1 -b "" -s base + dn: structuralObjectClass: OpenLDAProotDSE configContext: cn=config namingContexts: dc=stanford,dc=edu monitorContext: cn=Monitor supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: supportedControl: 1.2.840.113556.1.4.1340 supportedControl: 1.2.840.113556.1.4.1413 supportedControl: 1.2.840.113556.1.4.1339 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.826.0.1.334810.2.3 supportedControl: supportedControl: supportedControl: supportedExtension: supportedExtension: supportedExtension: supportedFeatures: supportedFeatures: supportedFeatures: supportedFeatures: supportedFeatures: supportedFeatures: supportedLDAPVersion: 3 supportedSASLMechanisms: GSSAPI entryDN: subschemaSubentry: cn=Subschema

for example from my systems running OpenLDAP 2.3.6

Which doesn't tell me what extended controls are
supported in this directory.  Am I still doing
something wrong here?

See above.

How do I configure the directory to have
password-policy server-side controls sent back to the

Use the ppolicy overlay, I'm guessing.


