On Thu, Jun 16, 2011 at 11:20:06AM -0400, Dmitri Pal wrote:
On 06/16/2011 08:09 AM, Simo Sorce wrote:
> On Thu, 2011-06-16 at 11:32 +0200, Sumit Bose wrote:
>> Hi,
>>
>> by chance I realized that an OpenLDAP server does not list all controls
>> it can handle in the rootDSE attribute supportedControl.
>>
>> Especially LDAP_CONTROL_PASSWORDPOLICY is not listed. According to the
>> OpenLDAP developers this is because the related spec
>> (
http://tools.ietf.org/html/draft-behera-ldap-password-policy-10) is
>> still a draft and not finalized
>> (
http://www.openldap.org/lists/openldap-software/200606/msg00220.html).
>> Since sssd only uses controls which are in the supportedControl list we
>> will not be able to give the user expiration warnings or information
>> about grace logins for OpenLDAP servers with the password policy overlay
>> enabled.
>>
>> I'm not sure if we need to do anything about it but at least I think it
>> is good to be aware of.
> Maybe we can have an override option where we list the OIDs we know are
> supported even though they are not listed in rootDSE. IT may be useful
> for testing and other purposes too.
>
> Simo.
>
Please open a ticket with RFE.
I have opened
https://fedorahosted.org/sssd/ticket/899 to track this.
bye,
Sumit
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel