Il 15/04/2014 12:02, Huub Sepers ha scritto: > Hi, > > > > We use openLdap as our user identity store for our SSO solution which is > openAM. > > > > We want to implement a password expiration strategy. > > Therefore we have to configure openLdap to return a signal for events > like: > > - password about to expire > > - password expired > > - .... > > > > The openAM code (java) anticipates "controls" for this purpose. > > > > Questions: > > - How to configure openLdap to return a control when a password > is about to expire. > > - Which java Ldap api should be used to process such a control.
Not sure at all about answering to the correct question, but ldaptive.org java ldap toolset handles fine openldap's ppolicy, for example: just drop ldaptive jar in shibboleth and your IdP warns users whether password is expired (in opposite to wrong password) greetings, Francesco
