Enabling the verify password extended operation
Before you begin
You must enable the required access privileges detailed in The verify password extended operation.
About this task
To verify a password using the verify-password extended operation, enable the extended operation and then send a client request with the required information.
The client request must be a JavaScript Object Notation (JSON) object containing the following required fields:
dn-
The distinguished name (DN) of the user account whose password the server should verify.
password-
The password to verify for that user.
The server response contains a result code that explains the outcome of the verify-password operation. The following table describes the result codes that the server can return:
| Server response code | Description |
|---|---|
|
The extended request is malformed. |
|
The provided password isn’t correct for the target user. |
|
The provided password is correct for the target user. |
|
The server is required to only permit the extended operation over a secure connection, or the server is configured to require secure authentication for the target user, but the client is using an insecure connection. |
|
The target user account does not exist. |
|
The provided DN is malformed. |
|
The target user account doesn’t have a password. |
|
The client doesn’t have sufficient permission to use the extended operation. |
|
The server encountered an internal error while attempting to verify the password. |
Steps
-
Enable the
verify-passwordextended operation.Example:
$ bin/dsconfig create-extended-operation-handler \ --handler-name "Verify Password" \ --type verify-password \ --set enabled:true -
Send a properly formed client request.
Learn more about formulating a request using the extended operation.
-
Use the result code in the response to determine how the client responds to the user.