How can I obtain detailed information about the password policy?

[taru3004]

It appears that we can obtain detailed information regarding password policy in version 3 through the following issues:

#186
#770

#839 (version 3 clean slate notification)

However, i was unable to obtain any detailed information during the bind process.
Could you please provide a sample code if possible?

[jsumners]

It sounds like you are asking about support for the controls described in https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-10#anchor52 (§6,6.1,6.2). That doc is a draft doc and I cannot find an accepted "RFC" version of it. However, servers, including OpenLDAP, have implemented the proposed spec regardless of the draft status. Thus, we are not opposed to it being added here.

The controls we currently support are plainly listed at https://github.com/ldapjs/controls/tree/9718b85dc8eae4522e5d879a603a13422d6e245a/lib/controls. The controls in question are not in that list. If you would like support for them, you are welcome to work on the feature. At a minimum, such work is likely to require:

1. An update to the @ldapjs/controls module linked above.
2. An update to the ldapjs module to recognize the new response controls.
3. An update to https://github.com/ldapjs/docker-test-openldap to include the overlay.
4. Tests to prove the functionality and guard against regression.

Would you like to work on this?

[taru3004]

@jsumners

For example, when I enter the following command as a shell command, the rejection reason is displayed through the Additional Info message:

ldappasswd -H ldapi:/// -x -D <user DN> -W -S Result: Constraint violation (19) Additional info: Password is too young to change

However, when I use ldapjs to call the modify operation for the userPassword value, only the following error is generated:
{ "lde_message":"Constraint Violation", "lde_dn":null }

would like to obtain additional information like "Password is too young to change." Is it currently not supported by ldapjs?

[jsumners]

Did you read my previous reply?

[taru3004]

@jsumners
Of course, I have read your message. However, since English is not my native language, I have a little confusion.

1. Do I need to update the controls module myself?
2. Or is it a matter that requires future updates because it is currently not supported by ldapjs?
3. Is it already supported in version 3?

Based on your previous answer, it looks like the second case is correct.
If so, is the closure of issues 186 or 770 unrelated to the support of password policy related controls in version 3?

[jsumners]

The requested feature is not implemented. I outlined the minimum of what would need to be done to implement the feature.

[taru3004]

I understand. :)
Thank you for your response, and may I ask if you have any implementation plans?

[jsumners]

No. You are welcome to work on it.

[taru3004]

Try and if it works well, I'll share it.

[jsumners]

Being worked on in #949.

[jsumners]

Solved by #949.