Conversation

@scholl scholl commented Feb 1, 2026

I included handling for the pwdReset attribute when ppolicy is included, to ensure a password reset via a Linux SSSD client.

I tested with OpenLDAP 2.6 and it worked quite fine. Can someone ensure that it has no influence when ppolicy is not used?

leenooks (Owner) commented Feb 1, 2026

Hi @scholl thanks for taking the time to create this PR.

I like what you've done, and would like to implement something to support this. My concern is that it is specific and assumes an LDAP server implements ppolicy and makes available an attribute pwdReset, which I know some servers don't.

In my quick research on this, servers that do implement password policy present an LDAP control to indicate it. I'd like to research querying for that control (I think it is 1.3.6.1.4.1.42.2.27.8.5.1) and make this capability available if the LDAP server presents it.

I've also added some comments for you to review as I looked through your code. Today I pushed some commits to master that I've been working on, which will require you to rebase your work (sorry :).

scholl (Author) commented Feb 1, 2026

Hi @leenooks,

Did you already post your comments? I made some more adjustments because of the changes on the master branch and fixed some little bugs: when trying to set pwdReset from true to false there was wrong behaviour.

How shall we proceed? Do we need the querying for the ppolicy, and only use it when available?

leenooks (Owner) commented Feb 1, 2026

> Did you already post your comments?

I did - do they not show for you on the conversation tab? I thought you'd get an email as well...

```php
$o->{$ao->name} = [Entry::TAG_NOTAG=>['']];

// Add ppolicy virtual attributes for user entries
$this->addPPolicyAttributesIfNeeded($o);
```
leenooks (Owner):

I'm not sure about this and will need to review it in more detail - not all server implement ppolicy and/or pwdreset attributes.


```php
// Add ppolicy operational attributes for user entries
if ($this->isUserEntry()) {
    $ppolicyAttrs = ['pwdReset'];
```
leenooks (Owner):

Not all LDAP servers implement pwdReset, so this needs to be externalised as a configurable item if the functionality can be supported by other LDAP servers that use a different attribute name, e.g. pwdLastSet.

```php
*/
public function isUserEntry(): bool
{
    static $userObjectClasses = ['posixaccount','inetorgperson','person','account','organizationalperson'];
```
leenooks (Owner):

This will need to be an external configurable item, to allow for users who (also) use custom schemas.
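Pulling the review points above together (gate the feature on the server advertising the Password Policy control, and make both the attribute name and the "user" objectClass list configurable instead of hard-coding them), here is an added example in PHP. It is not code from this PR or from the project; the function names, the shape of the config array, and the sample root DSE and entries are assumptions made for illustration.

```php
<?php
// Added example, not code from the PR or the project. It shows one way to expose a
// "password must be reset" attribute only when the LDAP server advertises the
// Password Policy control, with the attribute name and the user objectClasses read
// from configuration. Helper names, config keys and sample data are assumptions.

declare(strict_types=1);

// OID of the Password Policy control (draft-behera-ldap-password-policy). Servers
// that implement ppolicy list it in the root DSE's supportedControl attribute.
const PPOLICY_CONTROL_OID = '1.3.6.1.4.1.42.2.27.8.5.1';

// Assumed configuration. A deployment with a custom schema or a different
// attribute name changes these values rather than the code.
$config = [
    'ppolicy_reset_attribute' => 'pwdReset',
    'user_object_classes'     => ['posixaccount', 'inetorgperson', 'person', 'account', 'organizationalperson'],
];

/**
 * True when the root DSE lists the ppolicy control in supportedControl.
 * Live code would obtain $rootDse from a base-scope search on the empty DN
 * requesting supportedControl; it is passed in here so the check runs offline.
 */
function serverSupportsPPolicy(array $rootDse): bool
{
    $controls = array_map('strval', $rootDse['supportedcontrol'] ?? []);
    return in_array(PPOLICY_CONTROL_OID, $controls, true);
}

/**
 * True when the entry carries at least one of the configured user objectClasses.
 * objectClass names are matched case-insensitively, as LDAP does.
 */
function isUserEntry(array $entry, array $userObjectClasses): bool
{
    $have = array_map('strtolower', $entry['objectclass'] ?? []);
    $want = array_map('strtolower', $userObjectClasses);
    return count(array_intersect($have, $want)) > 0;
}

/**
 * Return the ppolicy virtual attribute names to add to $entry, or an empty list
 * when the server does not advertise ppolicy or the entry is not a user entry.
 */
function ppolicyAttributesFor(array $entry, array $rootDse, array $config): array
{
    if (!serverSupportsPPolicy($rootDse)) {
        return [];
    }
    if (!isUserEntry($entry, $config['user_object_classes'])) {
        return [];
    }
    return [$config['ppolicy_reset_attribute']];
}

// Constructed sample data, not captured from a real server.
$rootDseWithPPolicy = ['supportedcontrol' => ['2.16.840.1.113730.3.4.2', PPOLICY_CONTROL_OID]];
$rootDseWithout     = ['supportedcontrol' => ['2.16.840.1.113730.3.4.2']];
$user  = ['dn' => 'uid=alice,ou=people,dc=example,dc=com', 'objectclass' => ['inetOrgPerson', 'posixAccount']];
$group = ['dn' => 'cn=admins,ou=groups,dc=example,dc=com',  'objectclass' => ['groupOfNames']];

var_dump(ppolicyAttributesFor($user,  $rootDseWithPPolicy, $config));
var_dump(ppolicyAttributesFor($group, $rootDseWithPPolicy, $config));
var_dump(ppolicyAttributesFor($user,  $rootDseWithout,     $config));
```

Two caveats for anyone wiring this into a real client. The control appearing in supportedControl is a server-wide advertisement; it does not mean a given entry has a pwdReset value, since the server only sets that attribute after an administrative password change under a policy with pwdMustChange set, so the UI still has to cope with the attribute being absent. And a configurable attribute name alone does not cover Active Directory: its pwdLastSet is a timestamp rather than a boolean (0 meaning the password must be changed at next logon), so the value mapping, not just the name, would need to be configurable there.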

@scholl scholl requested a review from leenooks February 3, 2026 07:19