■ The password is too young
■ The password already exists in history
The LDAP_CONTROL_PWP control indicates warning and error conditions. The control value is a
BER octet string, with the format {tii}, which has the following meaning:
■ t is a tag defining which warning is set, if any. The value of t can be one of the following:
LDAP_PWP_WARNING_RESP_NONE (0x00L)
LDAP_PWP_WARNING_RESP_EXP (0x01L)
LDAP_PWP_WARNING_RESP_GRACE (0x02L)
■ The first i indicates warning information.
The warning depends on the value set for t as follows:
  ■ If t is set to LDAP_PWP_WARNING_RESP_NONE, the warning is -1.
  ■ If t is set to LDAP_PWP_WARNING_RESP_EXP, the warning is the number of seconds before
  expiration.
  ■ If t is set to LDAP_PWP_WARNING_RESP_GRACE, the warning is the number of remaining
  grace logins.
■ The second i indicates error information. If t is set to LDAP_PWP_WARNING_RESP_NONE, the
error contains one of the following values:
pwp_resp_no_error (-1)
pwp_resp_expired_error (0)
pwp_resp_locked_error (1)
pwp_resp_need_change_error (2)
pwp_resp_mod_not_allowed_error (3)
pwp_resp_give_old_error (4)
pwp_resp_bad_qa_error (5)
pwp_resp_too_short_error (6)
pwp_resp_too_young_error (7)
pwp_resp_in_hist_error (8)
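The following decoder for the {tii} control value is an added example, not code from the Directory Server SDK. It assumes the value is a BER SEQUENCE whose first integer carries t as its tag byte, followed by a universal INTEGER for the error, with short-form lengths only; pwp_resp and pwp_decode are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Tag values as listed on the page. */
#define LDAP_PWP_WARNING_RESP_NONE  0x00L
#define LDAP_PWP_WARNING_RESP_EXP   0x01L
#define LDAP_PWP_WARNING_RESP_GRACE 0x02L

typedef struct { long tag, warning, error; } pwp_resp;   /* hypothetical holder */

/* Read one short-form BER element holding a two's-complement integer. */
static int read_int(const unsigned char **p, const unsigned char *end,
                    long *tag, long *val)
{
    if (end - *p < 3) return -1;
    size_t len = (*p)[1], i;
    if (len == 0 || len > sizeof(long) || (size_t)(end - *p) - 2 < len) return -1;
    const unsigned char *c = *p + 2;
    unsigned long v = (c[0] & 0x80) ? ~0UL : 0UL;         /* sign-extend */
    for (i = 0; i < len; i++) v = (v << 8) | c[i];
    *tag = (*p)[0];
    *val = (long)v;
    *p = c + len;
    return 0;
}

/* Decode and validate the control value (assumed layout: 0x30 len, [t] int, INTEGER).
   Returns 0 on success, -1 on malformed or inconsistent input. */
int pwp_decode(const unsigned char *buf, size_t n, pwp_resp *out)
{
    long t;
    if (n < 2 || buf[0] != 0x30 || buf[1] >= 0x80 || (size_t)buf[1] != n - 2) return -1;
    const unsigned char *p = buf + 2, *end = buf + n;
    if (read_int(&p, end, &out->tag, &out->warning)) return -1;
    if (out->tag > LDAP_PWP_WARNING_RESP_GRACE) return -1;           /* unknown t */
    if (out->tag == LDAP_PWP_WARNING_RESP_NONE && out->warning != -1) return -1;
    if (read_int(&p, end, &t, &out->error) || t != 0x02 || p != end) return -1;
    if (out->error < -1 || out->error > 8) return -1;   /* outside pwp_resp_* range */
    return 0;
}

int main(void)
{
    /* Constructed sample: t = EXP, 86400 seconds to expiration, no error. */
    const unsigned char v[] = {0x30,0x08, 0x01,0x03,0x01,0x51,0x80, 0x02,0x01,0xFF};
    pwp_resp r;
    if (pwp_decode(v, sizeof v, &r) != 0) { puts("malformed control value"); return 1; }
    printf("tag=%ld warning=%ld error=%ld\n", r.tag, r.warning, r.error);
    return 0;
}
```

A client should treat a decode failure as an unknown account state rather than as "no warning, no error".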
The LDAP_CONTROL_ACCOUNT_USABLE control provides account status information on LDAP
search operations only.
Password Policy Compatibility
For migration purposes, the new password policy maintains compatibility with previous
Directory Server versions by identifying a compatibility mode. The compatibility mode
determines whether password policy attributes are handled as old attributes or new attributes,
where old refers to Directory Server 5 password policy attributes.
The compatibility mode can be read using the dsconf command as follows:
Chapter 5 • Architectural Changes in Directory Server 6.0