On Thu, 2011-06-16 at 11:32 +0200, Sumit Bose wrote:
> Hi,
>
> by chance I realized that an OpenLDAP server does not list all controls
> it can handle in the rootDSE attribute supportedControl.
>
> Especially LDAP_CONTROL_PASSWORDPOLICY is not listed. According to the
> OpenLDAP developers this is because the related spec
> (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10) is
> still a draft and not finalized
> (http://www.openldap.org/lists/openldap-software/200606/msg00220.html).
> Since sssd only uses controls which are in the supportedControl list we
> will not be able to give the user expiration warnings or information
> about grace logins for OpenLDAP servers with the password policy overlay
> enabled.
>
> I'm not sure if we need to do anything about it but at least I think it
> is good to be aware of.

Maybe we can have an override option where we list the OIDs we know are
supported even though they are not listed in rootDSE.
It may be useful for testing and other purposes too.

Simo.

--
Simo Sorce * Red Hat, Inc * New York