Overview #

The password modify extended operation is a type of extended operation that may be used to perform a Password Change or Password Reset user Password. It is defined in RFC 3062 and both the request and response operations have an OID of 1.3.6.1.4.1.4203.1.11.1.

The value for the password modify request is:

   
PasswdModifyRequestValue ::= SEQUENCE {
     userIdentity    [0]  OCTET STRING OPTIONAL
     oldPasswd       [1]  OCTET STRING OPTIONAL
     newPasswd       [2]  OCTET STRING OPTIONAL } 

Where the userIdentity field, if present, SHALL contain an octet string representation of the user associated with the request. This string may or may not be an DN. If no userIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session.

The oldPasswd field, if present, SHALL contain the userIdentity's current password value.

The newPasswd field, if present, SHALL contain the desired password for the userIdentity.

PasswdModifyResponseValue#

A Password Modify response is an Extended Response where the responseName field is absent and the response field is optional.

When there is no value provided for the newPasswd field, the the Server should use a Password Generator and provide the value in the genPasswd field. The response field, if present, SHALL contain a PasswdModifyResponseValue with genPasswd field present. The genPasswd field, if present, SHALL contain a generated password for the user.

If an resultCode other than success (0) is indicated in the response, the response field MUST be absent.

   
PasswdModifyResponseValue ::= SEQUENCE {
     genPasswd       [0]     OCTET STRING OPTIONAL } 
The genPasswd field, if present, SHALL contain a generated password for the user.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-8) was last changed on 15-Apr-2015 16:54 by jim