NAME

       Net::LDAP::Control::PasswordPolicy - LDAPv3 Password Policy control object

SYNOPSIS

        use Net::LDAP;
        use Net::LDAP::Control::PasswordPolicy;
        use Net::LDAP::Constant qw( LDAP_CONTROL_PASSWORDPOLICY );

        $ldap = Net::LDAP->new( "ldap.example.com" );

        $pp = Net::LDAP::Control::PasswordPolicy->new;

        $mesg = $ldap->bind( "cn=Bob Smith,dc=example,dc=com",
                             password => "secret",
                             control => [ $pp ] );

        # Get password policy response
        my($resp)  = $mesg->control( LDAP_CONTROL_PASSWORDPOLICY );

        if (defined($resp)) {
          my $v = $resp->pp_error;
          print "Password policy error $v\n"  if defined $v;
          $v = $resp->time_before_expiration;
          print "Password expires in $v second(s)\n"  if defined $v;
        }

DESCRIPTION

       "Net::LDAP::Control::PasswordPolicy" provides an interface for the creation and
       manipulation of objects that represent "PasswordPolicyRequest"s and
       "PasswordPolicyResponse"s as described by draft-behera-password-policy-09.

       This control can be passed to most operations, including the bind.

CONSTRUCTOR ARGUMENTS

       There are no constructor arguments other than those provided by Net::LDAP::Control.

METHODS

       time_before_expiration
           If defined, this is an integer value holding the time left in seconds before the
           account's password will expire.

       grace_authentications_remaining
           If defined, this is an integer value holding the number of authentication requests
           allowed before the account is locked.

       pp_error
           If defined, this contains a more detailed error code for the account.  See
           Net::LDAP::Constant for definitions of each.  Values can include:

           LDAP_PP_PASSWORD_EXPIRED
           LDAP_PP_ACCOUNT_LOCKED
           LDAP_PP_CHANGE_AFTER_RESET
           LDAP_PP_PASSWORD_MOD_NOT_ALLOWED
           LDAP_PP_MUST_SUPPLY_OLD_PASSWORD
           LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY
           LDAP_PP_PASSWORD_TOO_SHORT
           LDAP_PP_PASSWORD_TOO_YOUNG
           LDAP_PP_PASSWORD_IN_HISTORY

SEE ALSO

       Net::LDAP, Net::LDAP::Control, Net::LDAP::Constant,
       draft-behera-ldap-password-policy-09.txt

AUTHOR

       Chris Ridd <chris.ridd@isode.com>

       Please report any bugs, or post any suggestions, to the perl-ldap mailing list
       <perl-ldap@perl.org>

COPYRIGHT

       Copyright (c) 2008 Chris Ridd. All rights reserved. This program is free software; you can
       redistribute it and/or modify it under the same terms as Perl itself.