The PasswordPolicyRequest SupportedControl that can be used to request information about the current password policy state for a user entry.

The PasswordPolicyRequest SupportedControl is defined in draft-behera-ldap-password-policy

Both the PasswordPolicyRequest and passwordPolicyResponse controls have the same OID of

The request control does not have a value.

The PasswordPolicyResponse value is encoded.


Example To Search Using the Password Policy Control.

The Password Policy Control allows a client to request information about the current password policy information for a user entry.

You can specify the Password Policy Control with ldapsearch in a number of ways:

  • OID. Use the --control or -J option with the Password Policy Control OID: with no value.
  • Named constant. Use the named constants, pwpolicy or passwordpolicy with the --control or -J option instead of the Password Policy Control OID. For example, use -J pwpolicy or -J passwordpolicy with ldapsearch.

Option. Use the --usePasswordPolicyControl option.

The -J or --control option is used to specify which controls to use in a search request. The --usePasswordPolicyControl option is used for bind requests.

Run the ldapsearch command with the --usePasswordPolicyControl option.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b dc=example,dc=com -s base --usePasswordPolicyControl "(objectclass=*)"

More Information#

There might be more information for this subject on one of the following: