go to  ForumEasy.com   
LdapPro
Home » Archive » Message


[Email To Friend][View in Live Context][prev topic « prev post | next post » next topic]
  Response Control
 
Subject: Response Control
Author: SteveHB
In response to: Request Control
Posted on: 02/16/2010 09:31:02 PM

If the client has sent a passwordPolicyRequest control, the server (when solicited by the inclusion of the request control) sends this control with the following operation responses: bindResponse, modifyResponse, addResponse, compareResponse and possibly extendedResponse, to inform of various conditions, and MAY be sent with other operations (in the case of the changeAfterReset error).

  • The controlType is 1.3.6.1.4.1.42.2.27.8.5.1
  • The criticality can be either TRUE or FALSE
  • The controlValue is the BER encoding of the following type:
          PasswordPolicyResponseValue ::= SEQUENCE {
         warning [0] CHOICE {
            timeBeforeExpiration [0] INTEGER (0 .. maxInt),
            graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
         error   [1] ENUMERATED {
            passwordExpired             (0),
            accountLocked               (1),
            changeAfterReset            (2),
            passwordModNotAllowed       (3),
            mustSupplyOldPassword       (4),
            insufficientPasswordQuality (5),
            passwordTooShort            (6),
            passwordTooYoung            (7),
            passwordInHistory           (8) } OPTIONAL }

  • timeBeforeExpiration warning specifies the number of seconds
    before a password will expire.
  • graceAuthNsRemaining warning specifies the remaining number of times a user will be allowed to authenticate with an expired password.
  • passwordExpired error signifies that the password has expired and must be reset.
  • changeAfterReset error signifies that the password must be changed before the user will be allowed to perform any operation other than bind and modify.
  • passwordModNotAllowed error is set when a user is restricted from changing her password.
  • insufficientPasswordQuality error is set when a password doesn't pass
    quality checking.
  • passwordTooYoung error is set if the age of the password to be modified is not yet old enough.

    Typically, only either a warning or an error will be encoded though there may be exceptions. For example, if the user is required to change a password after the password administrator set it, and the password will expire in a short amount of time, the control may include the timeBeforeExpiration warning and the changeAfterReset error.


     

    > On 02/16/2010 09:18:55 PM SteveHB wrote:
    This control MAY be sent with any LDAP request message (not just bindRequest) in order to convey to the server that this client is aware of, and can process the response control described in this document. When a server receives this control, it will return the response control when appropriate and with the proper data.

  • The controlType is 1.3.6.1.4.1.42.2.27.8.5.1
  • The criticality may be TRUE or FALSE
  • There is no controlValue


    References:

    		•  


     
    Powered by ForumEasy © 2002-2022, All Rights Reserved. | Privacy Policy | Terms of Use
     
    Get your own forum today. It's easy and free.