Fran?ois Beretti wrote: > On 3/31/06, Richard Megginson <rmeggins at redhat.com> wrote: > >> Fran?ois Beretti wrote: >> >>> - Password must be changed after a reset >>> - Password expiration warning >>> - Password expired >>> >>> How can I detect these three events ? >>> >>> >> I'm not sure. You may want to ask on a Novell list to find out what is >> supported by their API. But in general, these events are returned to >> all LDAPv3 clients in the form of controls, so as long as the Novell API >> allows you to receive and parse the response controls, you should be >> able to get all of that information. >> > > Thank you for your answer. Is there a description somewhere of which > controls are used by the Directory Server ? > > >> Yes. Fedora DS allows a configurable number of "grace logins" - the >> user is only allowed to BIND, then change their password. >> > > Thank you again > The internet draft has unfortunately expired (again), but there is a recent copy of it here - http://www.dfn-pca.de/bibliothek/standards/ietf/none/internet-drafts/draft-behera-ldap-password-policy-07.txt You have to specify the control with the request so that the server will know the client is aware of the response control. See section 5 and later for details about the control OID to send, what is available in the response, and the behavior for different operations. > Fran?ois > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060331/bdcb33ad/attachment.bin
