This repository has been archived by the owner on May 14, 2024. It is now read-only.

How can I obtain detailed information about the password policy? #946

Closed
taru3004 opened this issue Sep 30, 2023 · 10 comments

@taru3004

It appears that we can obtain detailed information regarding password policy in version 3 through the following issues:

#186
#770

#839 (version 3 clean slate notification)

However, I was unable to obtain any detailed information during the bind process.
Could you please provide a sample code if possible?

@jsumners
Member

It sounds like you are asking about support for the controls described in https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-10#anchor52 (§6, 6.1, 6.2). That doc is a draft doc and I cannot find an accepted "RFC" version of it. However, servers, including OpenLDAP, have implemented the proposed spec regardless of the draft status. Thus, we are not opposed to it being added here.

The controls we currently support are plainly listed at https://github.com/ldapjs/controls/tree/9718b85dc8eae4522e5d879a603a13422d6e245a/lib/controls. The controls in question are not in that list. If you would like support for them, you are welcome to work on the feature. At a minimum, such work is likely to require:

  1. An update to the @ldapjs/controls module linked above.
  2. An update to the ldapjs module to recognize the new response controls.
  3. An update to https://github.com/ldapjs/docker-test-openldap to include the overlay.
  4. Tests to prove the functionality and guard against regression.

Would you like to work on this?

@taru3004
Author

taru3004 commented Oct 1, 2023

@jsumners

For example, when I enter the following command as a shell command, the rejection reason is displayed through the Additional Info message:

ldappasswd -H ldapi:/// -x -D <user DN> -W -S
Result: Constraint violation (19)
Additional info: Password is too young to change

However, when I use ldapjs to call the modify operation for the userPassword value, only the following error is generated:
{ "lde_message":"Constraint Violation", "lde_dn":null }

I would like to obtain additional information like "Password is too young to change." Is it currently not supported by ldapjs?

@jsumners
Member

jsumners commented Oct 1, 2023

Did you read my previous reply?

@taru3004
Author

taru3004 commented Oct 2, 2023

@jsumners
Of course, I have read your message. However, since English is not my native language, I am a little confused.

  1. Do I need to update the controls module myself?
  2. Or is it a matter that requires future updates because it is currently not supported by ldapjs?
  3. Is it already supported in version 3?

Based on your previous answer, it looks like the second case is correct.
If so, is the closure of issues 186 or 770 unrelated to the support of password policy related controls in version 3?

@jsumners
Member

jsumners commented Oct 2, 2023

The requested feature is not implemented. I outlined the minimum of what would need to be done to implement the feature.

@taru3004
Author

taru3004 commented Oct 3, 2023

I understand. :)
Thank you for your response, and may I ask if you have any implementation plans?

@jsumners
Member

jsumners commented Oct 3, 2023

No. You are welcome to work on it.

@taru3004
Author

taru3004 commented Oct 4, 2023

I'll try, and if it works well, I'll share it.

@jsumners closed this as not planned Oct 4, 2023
@jsumners reopened this Oct 30, 2023
@jsumners
Member

Being worked on in #949.

@jsumners
Member

Solved by #949.
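
The password policy response control from the draft linked in this thread (§6.2) carries its warning and error detail as a small BER structure in the control value. As an added example, not code from ldapjs, @ldapjs/controls or #949, this dependency-free JavaScript decodes such a value; the helper names and the sample bytes are constructed for illustration.

```javascript
// Added example (not ldapjs code): PasswordPolicyResponseValue decoder, draft section 6.2.
const PWD_POLICY_OID = '1.3.6.1.4.1.42.2.27.8.5.1'; // control type the value belongs to
const PWD_POLICY_ERRORS = ['passwordExpired', 'accountLocked', 'changeAfterReset',
  'passwordModNotAllowed', 'mustSupplyOldPassword', 'insufficientPasswordQuality',
  'passwordTooShort', 'passwordTooYoung', 'passwordInHistory'];
// Read one definite-length BER TLV starting at pos (hypothetical helper).
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new RangeError('truncated TLV header');
  const tag = buf[pos];
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length octets
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new RangeError('bad length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new RangeError('truncated TLV value');
  return { tag, value: buf.subarray(start, start + len), next: start + len };
}
// Content octets of a non-negative INTEGER or ENUMERATED, big-endian.
function readUint(bytes) {
  if (bytes.length === 0 || bytes.length > 5 || (bytes[0] & 0x80)) throw new RangeError('bad integer');
  return bytes.reduce((v, b) => v * 256 + b, 0);
}

function decodePasswordPolicyResponse(controlValue) {
  const buf = Uint8Array.from(controlValue);
  const seq = readTlv(buf, 0);
  if (seq.tag !== 0x30 || seq.next !== buf.length) throw new RangeError('expected one SEQUENCE');
  const result = { warning: null, error: null };
  for (let pos = 0; pos < seq.value.length;) {
    const el = readTlv(seq.value, pos);
    if (el.tag === 0xa0) { // warning [0] CHOICE, explicitly tagged
      const w = readTlv(el.value, 0);
      const kind = { 0x80: 'timeBeforeExpiration', 0x81: 'graceAuthNsRemaining' }[w.tag];
      if (!kind) throw new RangeError('unknown warning choice');
      result.warning = { [kind]: readUint(w.value) };
    } else if (el.tag === 0x81) { // error [1] ENUMERATED
      const code = readUint(el.value);
      result.error = { code, name: PWD_POLICY_ERRORS[code] || 'unknown' };
    } else throw new RangeError('unexpected tag 0x' + el.tag.toString(16));
    pos = el.next;
  }
  return result;
}
// Constructed sample: control value carrying only error passwordTooYoung (7).
const SAMPLE_TOO_YOUNG = [0x30, 0x03, 0x81, 0x01, 0x07];
```

Calling `decodePasswordPolicyResponse(SAMPLE_TOO_YOUNG)` returns `{ warning: null, error: { code: 7, name: 'passwordTooYoung' } }`; truncated or malformed values throw a `RangeError` rather than yielding a partial result.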
