You can use this simple example to show that the CA Directory password policy is functioning correctly.
Client applications using this feature need to be able to parse the password policy response control. In test 1 and 2, the password policy response control is empty (no information to report).
set password-policy = true; set password-retries = 1;
ldua> bind-req ----> remote-addr = { # server address ----> psap = "PP" ----> ssap = "SS" ----> tsap = "TT" ----> nsap = ip "hostname" port 19389 ----> } ldua> unbind-req;
ldua> search-req ----> base-object = <> ----> attrs = supportedControl; ldua> <- LDAP SEARCH-CONFIRM invoke-id = 2 credit = 24 Entry: <> Contents: (supportedControl "1.3.6.1.4.1.42.2.27.8.5.1") ldua>
Note: The supportedControl attribute is in the sunone.dxc schema.
ldua> bind-req ----> user = <c au> ----> <o Democorp> ----> <ou Corporate> ----> <ou Administration> ----> <cn "Craig link"> ----> password = "wrong" ----> remote-addr = { # server address ----> psap = "PP" ----> ssap = "SS" ----> tsap = "TT" ----> nsap = ip "hostname" port 19389 ----> } ----> controls = { password-policy }; ldua>
Test 1: Test with an Incorrect Password
<- LDAP BIND-REFUSE invoke-id = 0 credit = 24 Bind Error: Security Error: Invalid credentials Controls: password-policy response
Test 2 Test with an Incorrect Password Again
<- LDAP BIND-REFUSE invoke-id = 0 credit = 24 Bind Error: Security Error: Invalid credentials Controls: password-policy response
Test 3: Test with the Correct Password, but Account Suspended
<- LDAP BIND-REFUSE invoke-id = 0 credit = 24 Bind Error: Security Error: Invalid credentials Controls: password-policy response Error: account-locked
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |