[ https://issues.apache.org/jira/browse/DIRAPI-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420969#comment-17420969 ]
Gunics Balázs commented on DIRAPI-361:
--------------------------------------

Hello,

Sorry for the slow response, we had to wait for the password to expire.

While I don't know what the actual server is, my above code returned us the following information:

{code:java}
Control key: 2.16.840.1.113730.3.4.5
Control object: OpaqueControl Control
    Type OID : '2.16.840.1.113730.3.4.5'
    Criticality : 'false'
'
PasswordPolicyResponse is: null
{code}

I tried to search for 2.16.840.1.113730.3.4.5, but I got no hits in the source code.

The Password policy OID in your implementation is:
[https://github.com/apache/directory-ldap-api/blob/4d3633225c18fe7349d346ea7b54d13337050f50/ldap/extras/codec-api/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy/PasswordPolicyResponse.java#L54]
"1.3.6.1.4.1.42.2.27.8.5.1"

Any extra information I could harvest for you?

[https://ldap.com/ldap-oid-reference-guide/]

According to these sources that OID should also belong to:

|2.16.840.1.113730.3.4.5|Password Expiring Response Control|

[https://docs.ldap.com/specs/draft-vchu-ldap-pwd-policy-00.txt]

5. Password Expiration and Expiration Warning

New attributes, passwordExp, passwordMaxAge, and passwordWarning are defined to specify whether the password will expire, when the password expires and when a warning message will be sent to the client respectively. The actual expiration time for a password will be stored in a new attribute, passwordExpirationTime attribute in the user entry.

After bind operation succeed with authentication, the server should check for password expiration. If the password expiration policy is on and the account's password is expired, the server should send bindResponse with the resultCode: LDAP_INVALID_CREDENTIALS along with an error message to inform the client that the password has expired.

If the password is going to expire sooner than the password warning duration, the server should send bindResponse with the resultCode: LDAP_SUCCESS, and should include the password expiring control in the controls field of the bindResponse message:

    controlType: 2.16.840.1.113730.3.4.5,
    controlValue: an octet string to indicate the time in seconds until the password expires.
    criticality: false

The server should send at least one warning message to the client before expiring the client's password.

> LDAP Protocol error if password is expiring
> -------------------------------------------
>
> Key: DIRAPI-361
> URL: https://issues.apache.org/jira/browse/DIRAPI-361
> Project: Directory Client API
> Issue Type: Bug
> Affects Versions: 2.0.1
> Environment: Java 8
> Reporter: Marco Cuccato
> Priority: Critical
>
> An LdapOperationException is raised at bind() if the user has the password
> expiring (but not expired yet).
> Exception:
> MessageType : BIND_RESPONSE
> Message ID : -1
> BindResponse
> Ldap Result
> Result code : (PROTOCOL_ERROR) protocolError
> Matched Dn : 'null'
> Diagnostic message : 'PROTOCOL_ERROR: The server will disconnect!'
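
The password expiring control described in the draft excerpt above, decoded at the wire level, as an added example that is not part of the original message or of the Apache Directory LDAP API. It assumes the controlValue carries the seconds as ASCII decimal digits (the draft only says "an octet string"); the function names and the sample bytes are constructed for illustration.

```python
PASSWORD_EXPIRING_OID = "2.16.840.1.113730.3.4.5"  # OID quoted in the comment above

def tlv(tag, value):
    """Encode one BER TLV (short-form length only, enough for the sample)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_control(encoded):
    """Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue OPTIONAL }"""
    tag, body, end = read_tlv(encoded, 0)
    if tag != 0x30 or end != len(encoded):
        raise ValueError("expected exactly one Control SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("controlType must be an OCTET STRING")
    critical, value = False, None
    if pos < len(body) and body[pos] == 0x01:  # optional BOOLEAN criticality
        _, flag, pos = read_tlv(body, pos)
        critical = any(flag)
    if pos < len(body):  # optional OCTET STRING controlValue
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("controlValue must be an OCTET STRING")
    if pos != len(body):
        raise ValueError("trailing bytes in Control")
    return oid.decode("ascii"), critical, value

def seconds_until_expiry(encoded):
    """Seconds left for a password expiring control, None for any other control."""
    oid, _, value = parse_control(encoded)
    if oid != PASSWORD_EXPIRING_OID:
        return None
    if value is None or not value.isdigit():  # assumption: ASCII decimal seconds
        raise ValueError("malformed password expiring value")
    return int(value.decode("ascii"))

# Constructed sample: the control as it would sit in a bindResponse, 86400 s left.
SAMPLE = tlv(0x30, tlv(0x04, PASSWORD_EXPIRING_OID.encode()) + tlv(0x04, b"86400"))
```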