Get current ldap/ad password policy

[nilskretschmer]

Is it possible to retrieve the current configured password policy from ad/ldap?

We catch the exception like this:

        } catch (\LdapRecord\Exceptions\ConstraintViolationException $ex) {
            // The users new password does not abide
            // by the domains password policy.
            $this->logLdapError($ex);

            throw ValidationException::withMessages([
                'data.new_password' => __('passwords.policy_exception'),
            ]);

        }

But it would be very nice to show the user some detailed description about the policy itself. Because the policy can change from time to time it would be best practice to keep it dynamic and retrieve the policy directly from the ad/ldap.

[stevebauman]

Hi @nilskretschmer,

You may be able to retrieve these configuration values by retrieving the root domain object (not the RootDSE):

use LdapRecord\Models\Entry;

 Entry::in('DC=example,DC=com')
    ->read()
    ->whereHas('objectclass')
    ->firstOrFail();

[nilskretschmer]

Thank you @stevebauman

I will give it a shot.