Overview#
The PasswordPolicyRequest SupportedControl that can be used to request information about the current password policy state for a user entry.The PasswordPolicyRequest SupportedControl is defined in draft-behera-ldap-password-policy
Both the PasswordPolicyRequest and passwordPolicyResponse controls have the same OID of 1.3.6.1.4.1.42.2.27.8.5.1.
The request control does not have a value.
The PasswordPolicyResponse value is encoded.
Example LDAPSEARCH#
Example To Search Using the Password Policy Control.The Password Policy Control allows a client to request information about the current password policy information for a user entry.
You can specify the Password Policy Control with ldapsearch in a number of ways:
- OID. Use the --control or -J option with the Password Policy Control OID: 1.3.6.1.4.1.42.2.27.8.5.1 with no value.
- Named constant. Use the named constants, pwpolicy or passwordpolicy with the --control or -J option instead of the Password Policy Control OID. For example, use -J pwpolicy or -J passwordpolicy with ldapsearch.
Option. Use the --usePasswordPolicyControl option.
The -J or --control option is used to specify which controls to use in a search request. The --usePasswordPolicyControl option is used for bind requests.
Run the ldapsearch command with the --usePasswordPolicyControl option.
$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b dc=example,dc=com -s base --usePasswordPolicyControl "(objectclass=*)"
