Effective password policy

  • Name: Effective password policy
  • Description: Used to query the effective password policy for a user or group entry and lists the policies used in determining its effective password policy.
  • Assigned object identifier: 1.3.18.0.2.12.75
  • Values: The following ASN.1 syntax describes the BER encoding of the request value.
    RequestValue ::= SEQUENCE {
        entryDN    LDAPDN
    }
    where,

    entryDN - A distinguished name (DN) containing the entry whose effective password policies and password policy attribute values are being queried.

  • Detailed description: The Effective password policy extended operation is only allowed when bound as an LDAP root or directory data administrator, or as a user querying its own effective password policy. An LDAP root or directory data administrator is allowed to query the effective password policy of other users and groups in the directory. When a user entry is queried, this extended operation shows the effective password policy entries and values that are used to control the user's authentication and password modifications. When a group entry is queried, this extended operation provides the effective password policy that is a combination of the group's password policy attributes and the global password policy entry, cn=pwdpolicy,cn=ibmpolicies.
  • Response object identifier: 1.3.18.0.2.12.77
  • Response description: When a user entry is queried, this extended response shows the effective password policy entries and values used to control the user's authentication and password modifications. When a group entry is queried, this extended operation provides the effective password policy that is a combination of the group's password policy attributes and the global password policy entry, cn=pwdpolicy,cn=ibmpolicies. If a user is querying their own effective password policy, the objectNames are not returned.
  • Response values: The following describes the response value.
    ResponseValue ::= SEQUENCE {
        attributes     SEQUENCE OF SEQUENCE {
                           attributeType    AttributeDescription,
                           values           SET OF AttributeValue
                       },
        objectNames    [0] SEQUENCE {
                           objectName       LDAPDN OPTIONAL
                       }
    }

    Where,

    attributes - The password policy attribute types and values that are contained in the user's or group's effective password policy.

    objectName - The distinguished names of all password policy entries from which the effective password policy attribute values are derived. The objectName field is only returned in the extended operation response when bound as an LDAP root or directory data administrator. It is not returned when bound as a normal user.
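    Worked example, added here and not part of the IBM documentation: a small Python encoder for the RequestValue and decoder for the ResponseValue above, using definite-length BER with LDAP's IMPLICIT tagging (the [0] on objectNames becomes tag 0xA0, and LDAPDN and AttributeValue are carried as OCTET STRINGs). Attribute names and DNs used to exercise it are constructed sample values, and the decoder also accepts several DNs inside objectNames, which is how the field is described above.

```python
# Added example (not IBM's code): definite-length BER encoding of the RequestValue
# above and decoding of the ResponseValue, with LDAP's IMPLICIT tags ([0] -> 0xA0).

def ber_len(n):
    # Definite length: short form below 0x80, otherwise long form.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def encode_request(entry_dn):
    # RequestValue ::= SEQUENCE { entryDN LDAPDN }
    return tlv(0x30, tlv(0x04, entry_dn.encode("utf-8")))

def read_tlv(buf, pos):
    # Return (tag, content, position after this TLV).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_response(data):
    # -> ({attributeType: [values]}, [DNs]); DNs is empty when objectNames is omitted.
    tag, body, _ = read_tlv(data, 0)
    assert tag == 0x30, "ResponseValue must be a SEQUENCE"
    tag, attrs, pos = read_tlv(body, 0)
    assert tag == 0x30, "attributes must be SEQUENCE OF"
    policy, p = {}, 0
    while p < len(attrs):
        _, attr, p = read_tlv(attrs, p)
        _, atype, q = read_tlv(attr, 0)           # attributeType AttributeDescription
        _, vals, _ = read_tlv(attr, q)            # values SET OF AttributeValue
        values, v = [], 0
        while v < len(vals):
            _, val, v = read_tlv(vals, v)
            values.append(val.decode("utf-8"))
        policy[atype.decode("utf-8")] = values
    names, o = [], 0
    if pos < len(body):                           # objectNames [0] present (admin bind)
        tag, objs, _ = read_tlv(body, pos)
        assert tag == 0xA0, "objectNames carries context tag [0]"
        while o < len(objs):
            _, dn, o = read_tlv(objs, o)
            names.append(dn.decode("utf-8"))
    return policy, names
```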

  • Response detailed description:

    The following table summarizes some different error scenarios and the Effective password policy response returned for such scenarios.

    Error scenario                                                   Effective password policy response
    An unauthorized user tries to perform the extended operation     Returns an LDAP_INSUFFICIENT_ACCESS return code
    Syntax of the specified DN is not correct                        Returns an LDAP_INVALID_DN_SYNTAX return code
    Insufficient memory to perform the operation                     Returns an LDAP_NO_MEMORY return code
    entryDN does not exist                                           Returns an LDAP_NO_SUCH_OBJECT return code
    Internal server error                                            Returns an LDAP_OPERATIONS_ERROR return code
    LDAP server is unable to decode the request                      Returns an LDAP_PROTOCOL_ERROR return code
    Any other error not covered by the return codes above            Returns an LDAP_OTHER return code; check the
    (check the corresponding error message for further details)      corresponding error message for further details