How To Use The Password Policy Control


This is a How To on using the PasswordPolicyRequest SupportedControl.[1]

The Password Policy Control allows a client to request information about the current password policy information for a user entry.

You can specify the Password Policy Control with some implementations of LDAPSEARCH in a number of ways:

  • OID. Use the --control or -J option with the Password Policy Control OID: with no value.
  • Named constant. Use the named constants, pwpolicy or passwordpolicy with the --control or -J option instead of the Password Policy Control OID. For example, use -J pwpolicy or -J passwordpolicy with ldapsearch.
  • Option. Use the --usePasswordPolicyControl option.

Note - The -J or --control option is used to specify which controls to use in a search request. The --usePasswordPolicyControl option is used for bind requests.

Example Using LDAPSEARCH and PasswordPolicyRequest#

You will need to use a LDAPSEARCH that supports using controls. We use the OpenDJ implementation (even when not using OpenDJ). The example was from the documentation for OpenDS which is where OpenDJ was forked from.

Run the ldapsearch command with the --usePasswordPolicyControl option.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b dc=example,dc=com -s base --usePasswordPolicyControl "(objectclass=*)"

More Information#

There might be more information for this subject on one of the following: ...nobody