You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Lukas Slebodnik (JIRA)" <ji...@apache.org> on 2014/02/04 11:06:09 UTC

[jira] [Created] (DIRSERVER-1955) Directory Apacheds sends wrong empty response for password policy request

Lukas Slebodnik created DIRSERVER-1955:
------------------------------------------

             Summary: Directory Apacheds sends wrong empty response for password policy request
                 Key: DIRSERVER-1955
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1955
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M15
            Reporter: Lukas Slebodnik


According to ldap password policy draft
(http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-6.2)
Response Control should contain controlType (1.3.6.1.4.1.42.2.27.8.5.1) and
the controlValue and the BER encoding of the following type:

   PasswordPolicyResponseValue ::= SEQUENCE {
         warning [0] CHOICE {
            timeBeforeExpiration [0] INTEGER (0 .. maxInt),
            graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
         error   [1] ENUMERATED {
            passwordExpired             (0),
            accountLocked               (1),
            changeAfterReset            (2),
            passwordModNotAllowed       (3),
            mustSupplyOldPassword       (4),
            insufficientPasswordQuality (5),
            passwordTooShort            (6),
            passwordTooYoung            (7),
            passwordInHistory           (8) } OPTIONAL }

Empty response should also contain BER encoding of empty sequence.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)