directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: Aw: Re: Password Expired Response Control
Date Wed, 26 Jun 2019 13:34:29 GMT

On 26/06/2019 15:26, Ludovic Poitou wrote:
> That Internet draft (draft-vchu-ldap-pwd-policy-00.txt) is a piece of 
> memory of how Netscape Directory Server 4.x was doing password policy.
> The controls are the only piece that are still implemented in 
> ForgeRock DS, and it’s siblings (OUD, Ping Directory…), but they are 
> also still implemented in Oracle DSEE and Red-Hat Directory, mostly 
> because they were unsolicited and many clients are still able to deal 
> with them.
> I would be surprised if the control returned value with ForgeRock DS 
> actually differs from Sun/Oracle DSEE, as we used the same test suite 
> to validate the returned controls. But it’s very possible that it’s 
> not really compliant with the ASN.1 description of the control.

Many thanks Ludovic.

ATM, I'm basing the LDAP API code to deal with a single byte for this 
control value (aka 0x30, '0'). This is not ASN.1 compliant, but all in 
all, who cares ? The control value is anyway supposed to be opaque, so I 
guess it's fine as soon as all the implementers did the same.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message