git.ipfire.org Git - thirdparty/samba.git/commit
ldb: add "policy hints" controls to be used by password_hash module
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 24 Sep 2025 23:45:30 +0000 (11:45 +1200)
committer Douglas Bagnall <dbagnall@samba.org>
Thu, 15 Jan 2026 01:48:37 +0000 (01:48 +0000)
commit b003beb85a648eae5bfe7e38362abd8d798e8f86
tree 63be2f44dbdeb97e97b0f75bacb27b73ac973751
parent 49001e81589e8b5e4437b45f25622b07eecc95a5
ldb: add "policy hints" controls to be used by password_hash module

These won't have any effect yet, but soon they will allow a privileged
account to perform a password reset that respects constraints on
password history, age, and length, as if the reset was an ordinary
password change (that is, where the user provides the old password).

A normal user can't reset their own password using this. If the
organisation is using a remote service (e.g. Entra ID or Keycloak) to
manage passwords, that service can use a policy hints control to
ensure it follows AD password policy.

Entra ID Self Service Password Reset (SSPR) uses the deprecated OID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
lib/ldb/common/ldb_controls.c
lib/ldb/include/ldb.h
source4/libcli/ldap/ldap_controls.c
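
Added example (not part of this commit or of Samba's code): what a policy hints control looks like as an RFC 4511 Control on the wire, and a check that an audited password reset carries one. The two OIDs and the value layout (SEQUENCE { Flags INTEGER }, with Flags 0x1 requesting enforcement) are taken from Microsoft's MS-ADTS specification rather than from this page, and the function names are hypothetical.

```python
# Assumption: OIDs and value layout come from MS-ADTS, not from the commit page.
POLICY_HINTS_OID = "1.2.840.113556.1.4.2239"
POLICY_HINTS_DEPRECATED_OID = "1.2.840.113556.1.4.2066"  # the deprecated OID

def _tlv(tag, body):
    """Encode one BER element; short-form length is enough for a control."""
    if len(body) >= 128:
        raise ValueError("long-form BER length not supported in this sketch")
    return bytes([tag, len(body)]) + body

def encode_policy_hints(flags=1, oid=POLICY_HINTS_OID, critical=True):
    """Build Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    value = _tlv(0x30, _tlv(0x02, bytes([flags])))  # SEQUENCE { Flags INTEGER }
    body = _tlv(0x04, oid.encode("ascii"))          # controlType (LDAPOID)
    if critical:
        body += _tlv(0x01, b"\xff")                 # criticality BOOLEAN TRUE
    body += _tlv(0x04, value)                       # controlValue OCTET STRING
    return _tlv(0x30, body)

def _read(buf, pos, tag):
    """Return (content, next_pos) for the element at pos, or raise ValueError."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] >= 128:
        raise ValueError("unexpected or malformed BER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated BER element")
    return buf[pos + 2:end], end

def reset_enforces_policy(control):
    """True if the control is a policy hints control (either OID) with Flags 1."""
    body, _ = _read(control, 0, 0x30)
    oid, pos = _read(body, 0, 0x04)
    if oid.decode("ascii") not in (POLICY_HINTS_OID, POLICY_HINTS_DEPRECATED_OID):
        return False
    if pos < len(body) and body[pos] == 0x01:       # optional criticality
        _, pos = _read(body, pos, 0x01)
    if pos >= len(body):                            # control sent without a value
        return False
    value, _ = _read(body, pos, 0x04)
    seq, _ = _read(value, 0, 0x30)
    flags, _ = _read(seq, 0, 0x02)
    return int.from_bytes(flags, "big", signed=True) == 1

if __name__ == "__main__":
    print(encode_policy_hints().hex())
```

A reset that arrives without this control, or with Flags 0, is an ordinary administrative reset that bypasses history, age and length constraints, which is the case worth flagging when auditing a remote password-management service.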