[ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 # Copyright (c) 2008 Chris Ridd <chris.ridd@isode.com>. All rights reserved. 2 # This program is free software; you can redistribute it and/or 3 # modify it under the same terms as Perl itself. 4 5 package Net::LDAP::Control::PasswordPolicy; 6 7 use vars qw(@ISA $VERSION); 8 use Net::LDAP::Control; 9 10 @ISA = qw(Net::LDAP::Control); 11 $VERSION = "0.02"; 12 13 use Net::LDAP::ASN qw(ppControlResponse); 14 use strict; 15 16 sub init { 17 my($self) = @_; 18 19 delete $self->{asn}; 20 21 unless (exists $self->{value}) { 22 $self->{asn} = \my %asn; 23 if (defined($self->{time_before_expiration})) { 24 $asn{warning}{timeBeforeExpiration} = defined($self->{time_before_expiration}); 25 } 26 elsif (defined($self->{grace_authentications_remaining})) { 27 $asn{warning}{graceAuthNsRemaining} = $self->{time_before_expiration}; 28 } 29 if (defined($self->{pp_error})) { 30 $asn{error} = $self->{pp_error}; 31 } 32 } 33 34 $self; 35 } 36 37 sub time_before_expiration { 38 my $self = shift; 39 $self->{asn} ||= $ppControlResponse->decode($self->{value}); 40 if (@_) { 41 delete $self->{value}; 42 my $time = shift; 43 if (defined $time) { 44 $self->{asn}{warning} = { timeBeforeExpiration => $time }; 45 } 46 elsif (my $warning = $self->{asn}{warning}) { 47 if (exists $warning->{timeBeforeExpiration}) { 48 delete $self->{asn}{warning}; 49 } 50 } 51 return $time; 52 } 53 my $warning = $self->{asn}{warning}; 54 $warning && $warning->{timeBeforeExpiration}; 55 } 56 57 sub grace_authentications_remaining { 58 my $self = shift; 59 $self->{asn} ||= $ppControlResponse->decode($self->{value}); 60 if (@_) { 61 delete $self->{value}; 62 my $remaining = shift; 63 if (defined $remaining) { 64 $self->{asn}{warning} = { graceAuthNsRemaining => $remaining }; 65 } 66 elsif (my $warning = $self->{asn}{warning}) { 67 if (exists $warning->{graceAuthNsRemaining}) { 68 delete $self->{asn}{warning}; 69 } 70 } 71 return $remaining; 72 } 73 my $warning = $self->{asn}{warning}; 74 $warning && $warning->{graceAuthNsRemaining}; 75 } 76 77 sub pp_error { 78 my $self = shift; 79 $self->{asn} ||= $ppControlResponse->decode($self->{value}); 80 if (@_) { 81 delete $self->{value}; 82 return $self->{asn}{error} = shift; 83 } 84 $self->{asn}{error}; 85 } 86 87 sub value { 88 my $self = shift; 89 return $self->{value} if exists $self->{value}; 90 my $asn = $self->{asn}; 91 # Return undef if all optional values are missing 92 return undef unless $asn and (defined $asn->{error} or $asn->{warning}); 93 $self->{value} = $ppControlResponse->encode($self->{asn}); 94 } 95 96 1; 97 98 __END__ 99 100 =head1 NAME 101 102 Net::LDAP::Control::PasswordPolicy - LDAPv3 Password Policy control object 103 104 =head1 SYNOPSIS 105 106 use Net::LDAP; 107 use Net::LDAP::Control::PasswordPolicy; 108 use Net::LDAP::Constant qw( LDAP_CONTROL_PASSWORDPOLICY ); 109 110 $ldap = Net::LDAP->new( "ldap.example.com" ); 111 112 $pp = Net::LDAP::Control::PasswordPolicy->new; 113 114 $mesg = $ldap->bind( "cn=Bob Smith,dc=example,dc=com", 115 password => "secret", 116 control => [ $pp ] ); 117 118 # Get password policy reponse 119 my($resp) = $mesg->control( LDAP_CONTROL_PASSWORDPOLICY ); 120 121 if (defined($resp)) { 122 my $v = $resp->pp_error; 123 print "Password policy error $v\n" if defined $v; 124 $v = $resp->time_before_expiration; 125 print "Password expires in $v second(s)\n" if defined $v; 126 } 127 128 =head1 DESCRIPTION 129 130 C<Net::LDAP::Control::PasswordPolicy> provides an interface for the 131 creation and manipulation of objects that represent 132 C<PasswordPolicyRequest>s and C<PasswordPolicyResponse>s as described by 133 draft-behera-password-policy-09. 134 135 This control can be passed to most operations, including the bind. 136 137 =head1 CONSTRUCTOR ARGUMENTS 138 139 There are no constructor arguments other than those provided by 140 L<Net::LDAP::Control>. 141 142 =head1 METHODS 143 144 =over 4 145 146 =item time_before_expiration 147 148 If defined, this is an integer value holding the time left in seconds 149 before the account's password will expire. 150 151 =item grace_authentications_remaining 152 153 If defined, this is an integer value holding the number of 154 authentication requests allowed before the account is locked. 155 156 =item pp_error 157 158 If defined, this contains a more detailed error code for the account. 159 See L<Net::LDAP::Constant> for definitions of each. 160 Values can include: 161 162 =over 4 163 164 =item LDAP_PP_PASSWORD_EXPIRED 165 166 =item LDAP_PP_ACCOUNT_LOCKED 167 168 =item LDAP_PP_CHANGE_AFTER_RESET 169 170 =item LDAP_PP_PASSWORD_MOD_NOT_ALLOWED 171 172 =item LDAP_PP_MUST_SUPPLY_OLD_PASSWORD 173 174 =item LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY 175 176 =item LDAP_PP_PASSWORD_TOO_SHORT 177 178 =item LDAP_PP_PASSWORD_TOO_YOUNG 179 180 =item LDAP_PP_PASSWORD_IN_HISTORY 181 182 =back 183 184 =back 185 186 =head1 SEE ALSO 187 188 L<Net::LDAP>, 189 L<Net::LDAP::Control>, 190 L<Net::LDAP::Constant>, 191 draft-behera-ldap-password-policy-09.txt 192 193 =head1 AUTHOR 194 195 Chris Ridd E<lt>chris.ridd@isode.comE<gt> 196 197 Please report any bugs, or post any suggestions, to the perl-ldap 198 mailing list E<lt>perl-ldap@perl.orgE<gt> 199 200 =head1 COPYRIGHT 201 202 Copyright (c) 2008 Chris Ridd. All rights reserved. This program is 203 free software; you can redistribute it and/or modify it under the same 204 terms as Perl itself. 205 206 =cut 207
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Tue Mar 17 22:47:18 2015 | Cross-referenced by PHPXref 0.7.1 |