The password policy control
PingDirectory server supports the password policy request control, as described in draft-behera-ldap-password-policy-10.
This control can be included in add, bind, compare, modify, and password modify extended requests to obtain information about the associated user’s password policy state. This includes:
-
The length of time until the user’s password expires
-
The number of remaining grace logins
-
Whether the password is expired
-
Whether the account is locked
-
Whether the user must change their password
-
Whether an update attempt failed because the user is not allowed to change their password
-
Whether an update attempt failed because the user is required to provide their current password
-
Whether an operation failed because the password is considered too weak
-
Whether the proposed password is too short
-
Whether the proposed password already exists in the user’s password history
-
Whether a user cannot change their password because there has not been enough time since the previous password change
Because this control is based on a public specification, its format is fixed and it is not updated to support additional features.