We use openLdap as our user identity store for our SSO solution which is openAM.
We want to implement a password expiration strategy.
Therefore we have to configure openLdap to return a signal for events like:
- password about to expire
- password expired
The openAM code (java) anticipates “controls“ for this purpose.
- How to configure openLdap to return a control when a password is about to expire.
- Which java Ldap api should be used to process such a control.