IDP v3 - OpenLDAP password policy - forcing password reset

Cantor, Scott cantor.2 at
Wed May 20 17:26:16 EDT 2015

On 5/20/15, 9:09 PM, "Emilio Penna" <emilio.penna at> wrote:

>The difference: if bind success, the state.getError() isn't
>"propagated", so you "lose" it for catching any error code, and maybe
>adapt flow accordingly mapping the error code to some event.

I would have assumed from the code that it was the Code or Message that 
was typically being maped, and not the Error property, but I wouldn't know.

>One example is the control for forcing password reset, in that case, the
>bind success, and the control is informed by ldaptive in state.getError
>(state.getError=CHANGE_AFTER_RESET in this case). The generated message
>in this case, I guess that is something like
>"ACCOUNT_WARNING:SUCCESS:null",  it don't have the errorCode
>"CHANGE_AFTER_RESET", so you don't have the chance to detect it as
>result of the action and adapt the flow.

Daniel would have to speak to that, but since all of this is, I presume, 
totally non-standard, it doesn't seem like any of it is very consistent or 
reliable to code around.

-- Scott

More information about the users mailing list