This control can be included in add, bind, compare, modify, and password modify extended requests to obtain information about the associated user’s password policy state. This includes:

  • The length of time until the user’s password expires
  • The number of remaining grace logins
  • Whether the password is expired
  • Whether the account is locked
  • Whether the user must change their password
  • Whether an update attempt failed because the user is not allowed to change their password
  • Whether an update attempt failed because the user is required to provide their current password
  • Whether an operation failed because the password is considered too weak
  • Whether the proposed password is too short
  • Whether the proposed password already exists in the user’s password history
  • Whether a user cannot change their password because there has not been enough time since the previous password change

Because this control is based on a public specification, its format is fixed and it is not updated to support additional features.