The Behera Internet-Draft, Password Policy for LDAP Directories, describes Password Policy Request and Response Controls. You send the request control with a request to let the directory server know that your application can handle the response control. The directory server sends the response control on applicable operations to communicate warnings and errors.

    // Excerpt: assumes an open connection and an isSupported() helper
    // defined elsewhere in the example.
    if (isSupported(PasswordPolicyRequestControl.OID)) {
        final String dn = "uid=bjensen,ou=People,dc=example,dc=com";
        final char[] pwd = "hifalutin".toCharArray();

        try {
            // Send the request control so the server knows this client
            // can handle the response control.
            final BindRequest request = Requests.newSimpleBindRequest(dn, pwd)
                    .addControl(PasswordPolicyRequestControl.newControl(true));

            final BindResult result = connection.bind(request);

            // A successful bind can still carry a warning.
            final PasswordPolicyResponseControl control =
                    result.getControl(PasswordPolicyResponseControl.DECODER,
                            new DecodeOptions());
            if (control != null && control.getWarningType() != null) {
                System.out.println("Password policy warning "
                        + control.getWarningType().toString() + ", value "
                        + control.getWarningValue() + " for " + dn);
            }
        } catch (final ErrorResultException e) {
            // A failed bind can carry a password policy error.
            final Result result = e.getResult();
            try {
                final PasswordPolicyResponseControl control =
                        result.getControl(PasswordPolicyResponseControl.DECODER,
                                new DecodeOptions());
                // The control may be present without an error type.
                if (control != null && control.getErrorType() != null) {
                    System.out.println("Password policy error "
                            + control.getErrorType().toString() + " for " + dn);
                }
            } catch (final DecodeException de) {
                // Failed to decode the response control.
            }
        } catch (final DecodeException e) {
            // Failed to decode the response control.
        }
    }

OpenDJ directory server supports the Password Policy Controls. To obtain the output from the excerpt, change the default password policy configuration to set a maximum password age and a warning interval, change Barbara Jensen's password, and then run the example both during the warning interval and after the password has expired. The procedure "To Adjust the Default Password Policy" in the OpenDJ Administration Guide shows an example of how to adjust the maximum password age. Also set a short password-expiration-warning-interval value.
For a warning:

    Password policy warning timeBeforeExpiration, value 237 for uid=bjensen,ou=People,dc=example,dc=com

For an error:

    Password policy error passwordExpired for uid=bjensen,ou=People,dc=example,dc=com
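
The following stand-alone Java class is an added example, not code from this guide or from the OpenDJ SDK. It goes one step below the excerpt and decodes the BER value that a Password Policy Response Control carries, following the ASN.1 definition in the Behera draft. The class name, method names and the two sample byte arrays are constructed for this example; the samples encode the same warning and error shown above.

```java
import java.nio.ByteBuffer;

public class PwPolicyResponseDecoder {
    // Error names in ENUMERATED order 0..8, as defined in the Behera draft.
    static final String[] ERRORS = {"passwordExpired", "accountLocked", "changeAfterReset",
        "passwordModNotAllowed", "mustSupplyOldPassword", "insufficientPasswordQuality",
        "passwordTooShort", "passwordTooYoung", "passwordInHistory"};

    // Short-form BER length only; a value this small never needs the long form.
    static int readLength(ByteBuffer in) {
        int len = in.get() & 0xFF;
        if (len > 0x7F || len > in.remaining()) throw new IllegalArgumentException("bad length");
        return len;
    }

    // Body of a non-negative INTEGER or ENUMERATED (0..maxInt fits in four bytes).
    static int readInt(ByteBuffer in, int len) {
        int v = in.get(); // the first byte carries the sign
        if (len < 1 || len > 4 || v < 0) throw new IllegalArgumentException("bad integer");
        for (int i = 1; i < len; i++) v = (v << 8) | (in.get() & 0xFF);
        return v;
    }

    static String decode(byte[] value) {
        ByteBuffer in = ByteBuffer.wrap(value);
        if ((in.get() & 0xFF) != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        if (readLength(in) != in.remaining()) throw new IllegalArgumentException("trailing bytes");
        String out = "";
        while (in.hasRemaining()) {
            int tag = in.get() & 0xFF, len = readLength(in);
            if (tag == 0xA0) {                  // warning [0], wrapping a CHOICE
                int choice = in.get() & 0xFF;   // [0] timeBeforeExpiration, [1] graceAuthNsRemaining
                int n = readInt(in, readLength(in));
                if (choice != 0x80 && choice != 0x81) throw new IllegalArgumentException("bad warning");
                out += (choice == 0x80 ? "timeBeforeExpiration=" : "graceAuthNsRemaining=") + n + " ";
            } else if (tag == 0x81) {           // error [1], ENUMERATED
                int code = readInt(in, len);
                out += (code < ERRORS.length ? ERRORS[code] : "unknownError(" + code + ")") + " ";
            } else throw new IllegalArgumentException("unexpected tag");
        }
        return out.trim();
    }

    public static void main(String[] args) { // sample values below are constructed
        byte[][] samples = {{0x30, 6, (byte) 0xA0, 4, (byte) 0x80, 2, 0, (byte) 0xED},
                            {0x30, 3, (byte) 0x81, 1, 0}};
        for (byte[] s : samples) System.out.println(decode(s));
    }
}
```

The decoder rejects malformed lengths, negative values and unexpected tags rather than guessing, and reports an error code outside the listed range as unknown instead of failing, since the value comes from the server and should be treated as untrusted input.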