On 26/06/2019 15:26, Ludovic Poitou wrote:
That Internet draft (draft-vchu-ldap-pwd-policy-00.txt) is a piece of memory of how Netscape Directory Server 4.x was doing password policy. The controls are the only piece that is still implemented in ForgeRock DS, and its siblings (OUD, Ping Directory…), but they are also still implemented in Oracle DSEE and Red-Hat Directory, mostly because they were unsolicited and many clients are still able to deal with them. I would be surprised if the control returned value with ForgeRock DS actually differs from Sun/Oracle DSEE, as we used the same test suite to validate the returned controls. But it’s very possible that it’s not really compliant with the ASN.1 description of the control.


Many thanks Ludovic.

ATM, I'm basing the LDAP API code to deal with a single byte for this control value (aka 0x30, '0'). This is not ASN.1 compliant, but all in all, who cares? The control value is anyway supposed to be opaque, so I guess it's fine as long as all the implementers did the same.


