Add functionality to be able to use LDAP password policy request/response controls as described in:
Extract from the draft's abstract:
"..In order to improve the security of LDAP directories and make it difficult for password cracking programs to break into directories, it is desirable to enforce a set of rules on password usage. These rules are made to ensure that users change their passwords periodically, passwords meet construction requirements, the re-use of old password is restricted, and users are locked out after a certain number of failed attempts."
The implementation has been discussed in the current thread: http://forum.springframework.org/showthread.php?t=21860 and Luke has added related classes to the sandbox. Necessary classes are still missing.
1. org.acegisecurity.providers.ldap.DefaultInitialDirContextFactory returns instances of InitialDirContext. To be able to use request controls, the returned contexts need to implement LdapContext. I suggest adding a new factory DefaultInitialLdapContextFactory or rewriting the existing factory to return instances of InitialLdapContext instead of InitialDirContext. The factory should also include these methods:
a) void setConnectionRequestControls(javax.naming.ldap.Control controls);
These controls are used when instantiating the returned contexts.
b) void setControlFactories(String factories);
A convenience method which sets the environment property for specifying the list of control factories to use.
2. Create an authenticator which is password policy aware.
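
A sketch of the factory proposed in item 1, added here as an illustration; it is not code from Acegi Security or its sandbox. Assumptions: the method name `newInitialLdapContext`, the array type `Control[]` for the setter (to match the `InitialLdapContext` constructor), the server URL `ldaps://ldap.example.org:636`, and the request control OID `1.3.6.1.4.1.42.2.27.8.5.1` taken from the password policy draft.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class DefaultInitialLdapContextFactory {
    // Password policy request control OID (assumption: value from the draft, not from this page).
    static final String PASSWORD_POLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";

    private final String providerUrl;
    private Control[] connectionRequestControls = new Control[0];
    private String controlFactories;

    public DefaultInitialLdapContextFactory(String providerUrl) {
        this.providerUrl = providerUrl;
    }

    public void setConnectionRequestControls(Control[] controls) {
        this.connectionRequestControls = controls.clone();
    }

    public void setControlFactories(String factories) {
        this.controlFactories = factories; // colon-separated ControlFactory class names
    }

    // Binds as the user; the connection request controls are sent with the bind request.
    public LdapContext newInitialLdapContext(String userDn, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        if (controlFactories != null) env.put(LdapContext.CONTROL_FACTORIES, controlFactories);
        return new InitialLdapContext(env, connectionRequestControls);
    }

    public static void main(String[] args) throws NamingException {
        DefaultInitialLdapContextFactory f = new DefaultInitialLdapContextFactory("ldaps://ldap.example.org:636");
        f.setConnectionRequestControls(new Control[] { new BasicControl(PASSWORD_POLICY_OID) });
        LdapContext ctx = f.newInitialLdapContext(args[0], args[1]); // user DN and password
        try {
            Control[] responses = ctx.getResponseControls(); // null when the server sent none
            if (responses != null) for (Control c : responses) System.out.println(c.getID());
        } finally { ctx.close(); }
    }
}
```

A rejected bind makes the `InitialLdapContext` constructor throw, leaving no context from which to read response controls, which is a case the policy-aware authenticator in item 2 has to handle.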