The retire password request control can be included in a modify request or a password modify extended request to indicate that the user’s current password should be retired so that it can continue to be used to authenticate to the account, as an alternative to the new password, for a limited period of time.

The purge password request control can be used to indicate that the user’s current password should be purged from the entry even if it would have otherwise been retired based on the password policy configuration.