is there someone that can post an example to retrieve the password policy from the Apache DS LDAP server? Keep in mind that I am using the free licence of Unboundid , not the commercial one.
It should be also useful if there was the indication of the OID of the psw policy to be used with ApacheDS.
Many thanks in advance,
Pasquale
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This is probably a question that you'll need to ask through an Apache DS support channel. Or at least "How do I retrieve the password policy from Apache DS over LDAP?" There isn't really any standard way for LDAP servers to represent configuration (like password policy definitions), and each server does it differently.
Also, you'll want to clarify whether you're asking about password policy configuration or password policy state. The former defines the settings that the server will enforce, whereas the latter keeps track of things specific to a particular user's behavior relative to that policy (e.g., when they last changed their password, how long until the password expires, how many failed authentication attempts the user has, etc.). Those are different things and are often accessed differently.
Once you've found out how to retrieve it over LDAP, then we can help you figure out how to issue those requests and interpret those responses with the UnboundID LDAP SDK for Java.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Many thanks for your prompt answer. Actually I am interested in the Password policy state. Unfortunately there is very few documentation related this aspects, as far as ApacheDS is concerned. Moreover I am new to this aspect and I straggling with this problem for a long time. If you had same reference related to a Java example to retrieve the password policy state from ApacheDS, I 'd be most greatful.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Dear Neil,
I do not know if I'l never met you, but let me say with all my gratitude:THANK YOU. I was struggling with this issue for a long time, and now finally, thanks to your help, I fix that.
All the best for you, Neil
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Neil, I'm a little bit worried about the class that you adviced me to use to fix my problem. Its name include the word "Draft" . It means that the product is not si stable, yet? Is it going to change in the next future?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It’s conceivable that a new revision of the draft could be published that introduces incompatible changes, but that seems unlikely for a couple of reasons.
First, the most recent revision of the draft was published on August 9, 2009, and that expired on February 10, 2010. It hasn’t been updated in quite a while, so it’s probably safe to assume it’s not going to be updated any time soon.
Second, at least some directory servers have implemented support for what is contained in the most recent revision. In the event that they do resurrect the draft and make incompatible changes to it, I can only assume that they would allocate a new OID for the control. In that case, you could use the root DSE’s supportedControl attribute to determine which version the server supported.
Neil
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
is there someone that can post an example to retrieve the password policy from the Apache DS LDAP server? Keep in mind that I am using the free licence of Unboundid , not the commercial one.
It should be also useful if there was the indication of the OID of the psw policy to be used with ApacheDS.
Many thanks in advance,
Pasquale
This is probably a question that you'll need to ask through an Apache DS support channel. Or at least "How do I retrieve the password policy from Apache DS over LDAP?" There isn't really any standard way for LDAP servers to represent configuration (like password policy definitions), and each server does it differently.
Also, you'll want to clarify whether you're asking about password policy configuration or password policy state. The former defines the settings that the server will enforce, whereas the latter keeps track of things specific to a particular user's behavior relative to that policy (e.g., when they last changed their password, how long until the password expires, how many failed authentication attempts the user has, etc.). Those are different things and are often accessed differently.
Once you've found out how to retrieve it over LDAP, then we can help you figure out how to issue those requests and interpret those responses with the UnboundID LDAP SDK for Java.
Many thanks for your prompt answer. Actually I am interested in the Password policy state. Unfortunately there is very few documentation related this aspects, as far as ApacheDS is concerned. Moreover I am new to this aspect and I straggling with this problem for a long time. If you had same reference related to a Java example to retrieve the password policy state from ApacheDS, I 'd be most greatful.
This is still a better question to ask the people who maintain Apache DS, but you could at least see if its root DSE includes a supportedControl value of "1.3.6.1.4.1.42.2.27.8.5.1". If so, then you may be able to use https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/ldap/sdk/experimental/DraftBeheraLDAPPasswordPolicy10RequestControl.html to obtain some information about the user's password policy state.
Dear Neil,
I do not know if I'l never met you, but let me say with all my gratitude:THANK YOU. I was struggling with this issue for a long time, and now finally, thanks to your help, I fix that.
All the best for you, Neil
Neil, I'm a little bit worried about the class that you adviced me to use to fix my problem. Its name include the word "Draft" . It means that the product is not si stable, yet? Is it going to change in the next future?
It’s conceivable that a new revision of the draft could be published that introduces incompatible changes, but that seems unlikely for a couple of reasons.
First, the most recent revision of the draft was published on August 9, 2009, and that expired on February 10, 2010. It hasn’t been updated in quite a while, so it’s probably safe to assume it’s not going to be updated any time soon.
Second, at least some directory servers have implemented support for what is contained in the most recent revision. In the event that they do resurrect the draft and make incompatible changes to it, I can only assume that they would allocate a new OID for the control. In that case, you could use the root DSE’s supportedControl attribute to determine which version the server supported.
Neil
Many thanks for the clarification. Now I am a bit's safer and secure.