Issue 7625 - ppolicy doesn't support changing olcPasswordHash without restart
Status: VERIFIED FEEDBACK
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.35
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2013-06-14 15:43 UTC by joke@seiken.de
Modified: 2021-08-03 18:13 UTC

Description joke@seiken.de 2013-06-14 15:43:38 UTC
Full_Name: Joke de Buhr
Version: 2.4.35
OS: fedora 18 64bit
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (37.5.143.82)


While using the password policy overlay changing the parameter olcPasswordHash
causes an error upon password update.

When changing the password via ldappasswd after changing the parameter
olcPasswordHash the error

  Constraint violation (19) Password policy only allows one password value

is returned to the client. Changing the password isn't possible until slapd is
restarted. After restarting slapd changing the password works again.



Please refer to my postings [1] on the mailing list.

 [1] http://www.openldap.org/lists/openldap-technical/201306/msg00122.html
Comment 1 Howard Chu 2013-08-10 12:15:47 UTC
joke@seiken.de wrote:
> Full_Name: Joke de Buhr
> Version: 2.4.35
> OS: fedora 18 64bit
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (37.5.143.82)
>
>
> While using the password policy overlay changing the parameter olcPasswordHash
> causes an error upon password update.

Unable to reproduce the issue here. Please post your complete slapd
configuration, sample LDIF, and the exact command lines you issued to
demonstrate the problem.
>
> When changing the password via ldappasswd after changing the parameter
> olcPasswordHash the error
>
>    Constraint violation (19) Password policy only allows one password value
>
> is returned to the client. Changing the password isn't possible until slapd is
> restarted. After restarting slapd changing the password works again.
>
>
>
> Please refer to my postings [1] on the mailing list.
>
>   [1] http://www.openldap.org/lists/openldap-technical/201306/msg00122.html
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 Howard Chu 2013-08-10 12:59:34 UTC
changed state Open to Feedback
Comment 3 Quanah Gibson-Mount 2017-04-13 15:28:34 UTC
moved from Incoming to Software Bugs
Comment 4 Gena Batalski 2018-02-15 15:35:07 UTC
Hello,

Today I faced the same problem, but because of multiple
*olcPasswordHash* entries.
This caused the *userPassword* attribute to be created multiple times for a
single password change request: once for each hash algorithm declared in
*olcPasswordHash*.

By the way, restarts didn't help.

Regards,

Gena
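
A configuration check for the condition reported in Comment 4, as an added example that is not part of the original thread or of OpenLDAP's code: it scans a cn=config LDIF export for more than one olcPasswordHash scheme alongside a ppolicy overlay. The sample LDIF, the function names and the handling of several schemes in one value are assumptions made for illustration.

```python
import re

# Constructed cn=config excerpt (the shape an LDIF export of cn=config has); not from the issue.
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
olcPasswordHash: {SSHA}
olcPasswordHash: {CRYPT}

dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,
 cn=config
olcOverlay: {0}ppolicy
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; unfolds lines, skips comments, no base64 decoding."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folds long lines as newline + one space
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def configured_hashes(entries):
    """Every scheme named by olcPasswordHash, across all values and entries."""
    schemes = []
    for _dn, attrs in entries:
        for value in attrs.get("olcpasswordhash", []):
            schemes.extend(value.split())  # assumption: one value may name several schemes
    return schemes

def ppolicy_overlays(entries):
    """DNs of entries whose olcOverlay value is ppolicy (the {n} ordering prefix is ignored)."""
    return [dn for dn, attrs in entries
            if any(re.sub(r"^\{-?\d+\}", "", v).lower() == "ppolicy"
                   for v in attrs.get("olcoverlay", []))]

def check_config(ldif_text):
    """Return a finding string when ppolicy is loaded and several hashes are set, else None."""
    entries = parse_ldif(ldif_text)
    schemes, overlays = configured_hashes(entries), ppolicy_overlays(entries)
    if overlays and len(schemes) > 1:
        return "ppolicy on %s with %d olcPasswordHash schemes: %s" % (
            overlays, len(schemes), " ".join(schemes))
    return None
```

Calling `check_config(SAMPLE_LDIF)` returns a finding naming both schemes; a configuration with a single scheme, or without the ppolicy overlay, returns `None`.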