The Password Expiring Response Control, described in the Internet-Draft Password Policy for LDAP Directories, warns your application during a bind that the password used will soon expire.
if (isSupported(PasswordExpiringResponseControl.OID)) { final String dn = "uid=bjensen,ou=People,dc=example,dc=com"; final char[] pwd = "hifalutin".toCharArray(); final BindResult result = connection.bind(dn, pwd); try { final PasswordExpiringResponseControl control = result.getControl(PasswordExpiringResponseControl.DECODER, new DecodeOptions()); if (!(control == null) && control.hasValue()) { System.out.println("Password for " + dn + " expires in " + control.getSecondsUntilExpiration() + " seconds."); } } catch (final DecodeException de) { // Failed to decode the response control. } }
OpenDJ directory server supports the Password Expiring Response Control.
To obtain the following output from the excerpt, you can change the default
password policy configuration to set a maximum password age and a warning
interval, change Barbara Jensen's password, and wait until you enter the
warning interval before password expiration. See the OpenDJ
Administration Guide procedure explaining how
To Adjust the Default Password Policy for an example
of how to adjust the maximum password age. Also set a short
password-expiration-warning-interval
value.
Password for uid=bjensen,ou=People,dc=example,dc=com expires in 237 seconds.