Idea ID: 2803237

Add support for ldap controls

Status: Waiting for Votes


This idea was posted by Rainer Brunold on 12/23/2019.

LDAP connections to a server support different types of controls. E.g., there is an eDirectory control for supporting simple passwords via LDAP:

'2.16.840.1.113719.': ('2.16.840.1.113719.', OID_CONTROL, 'Simple password', 'NOVELL'),

Other controls are available for getting a server side sorted list back from LDAP searches, using persistent searches and so on.

Please add an option for LDAP connections to set a list of active controls for the connection.

We have an IDM environment where we synchronize simple passwords, but we are not able to create a Validator test for that because we cannot enable the LDAP control for that connection.

An LDIF file could look like this to enable the control and set the universal password as a hash value:

dn: cn=XXXX,ou=USER,ou=ROAM,o=XXXX
control: 2.16.840.1.113719.
changetype: modify
replace: userPassword
userPassword: {md5}HM1L3x9FtNeOnQvpto3Iuw==
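
Added example, not part of the original post or of the product: a minimal Python parser for the control: line of an LDIF change record (RFC 2849 syntax: OID, optional criticality, optional value), returning the triples an LDAP client would attach to the request. The OIDs and DN in SAMPLE are constructed placeholders, and parse_change_record is a hypothetical helper name.

```python
import base64
import re

# RFC 2849: control: <OID> [true|false] [: value | :: base64-value]
CONTROL_RE = re.compile(
    r"^control:\s*(?P<oid>\d+(?:\.\d+)+)"
    r"(?:\s+(?P<crit>true|false))?"
    r"(?:\s*(?P<sep>::?)\s*(?P<val>.*))?$"
)

def parse_change_record(ldif_text):
    """Return (dn, controls, changetype) for a single LDIF change record.

    controls is a list of (oid, criticality, value_bytes_or_None).
    """
    dn, changetype, controls = None, None, []
    # Unfold continuation lines (a line starting with one space continues the previous one).
    text = re.sub(r"\r?\n ", "", ldif_text)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith("control:"):
            m = CONTROL_RE.match(line)
            if m is None:
                # Reject incomplete OIDs or unknown criticality instead of guessing.
                raise ValueError("malformed control line: %r" % line)
            value = m.group("val")
            if value is not None:
                value = (base64.b64decode(value) if m.group("sep") == "::"
                         else value.encode("utf-8"))
            # Criticality defaults to false when omitted.
            controls.append((m.group("oid"), m.group("crit") == "true", value))
        elif line.startswith("changetype:"):
            changetype = line.split(":", 1)[1].strip()
            break  # control lines are only valid before changetype
    return dn, controls, changetype

# Constructed sample record; the OIDs are placeholders, not real control OIDs.
SAMPLE = (
    "dn: cn=jdoe,ou=users,o=example\n"
    "control: 1.3.6.1.4.1.99999.1 true\n"
    "control: 1.3.6.1.4.1.99999.2 false:: AQID\n"
    "changetype: modify\n"
    "replace: description\n"
    "description: test\n"
    "-\n"
)
```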