https://bugs.openldap.org/show_bug.cgi?id=9279
--- Comment #4 from Michael Ströder michael@stroeder.com --- Was this actually tested with one of the legacy clients making use of that?
I have some doubts about using LBER_USE_DER.
Because I've searched in my old python-ldap mailing list archive and found that with other server implementations controlValue of 2.16.840.1.113730.3.4.5 consists just of ASCII digits representing grace period in seconds.
And IIRC controlValue of 2.16.840.1.113730.3.4.4 is also just a single digit "0" without OctetString wrapping. See also my inquiry to ietf-ldapext mailing list:
https://mailarchive.ietf.org/arch/msg/ldapext/jBnnQxBngfYUD8A2RLeI1tAVb5M
Note that many moons ago I had test servers when implementing this in python-ldap. IIRC it was OpenDJ.
I've recently added automated tests for that in python-ldap0:
https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py#L...