Full_Name: Angelo Rossini Version: OpenLDAP-LTB 2.4.44.1 OS: Debian 8 x86-64 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (130.186.19.204) Hi, I'm using the password policy overlay with this configuration: pwdAttribute: userPassword pwdAllowUserChange: TRUE pwdCheckModule: /usr/local/openldap/lib64/check_password.so pwdCheckQuality: 2 pwdExpireWarning: 432000 pwdFailureCountInterval: 300 pwdGraceAuthNLimit: 0 pwdInHistory: 5 pwdLockout: TRUE pwdLockoutDuration: 120 pwdMaxAge: 63072000 pwdMaxFailure: 5 pwdMinAge: 0 pwdMinLength: 8 pwdMustChange: TRUE pwdSafeModify: TRUE When I try to change the password and the password is one of the last five in history I find that attributes pwdChangedTime and modifyTimestamp have changed their values. I think that this behaviour is quite strange, because I haven't changed anything on the entry. Can someone explain me if is possible to avoid this behaviour? Regards, Angelo.
On Mon, Dec 19, 2016 at 08:29:22AM +0000, a.rossini@cineca.it wrote: > Hi, > > I'm using the password policy overlay with this configuration: > > [...] > > When I try to change the password and the password is one of the last five in > history I find that attributes pwdChangedTime and modifyTimestamp have changed > their values. > > I think that this behaviour is quite strange, because I haven't changed anything > on the entry. > > Can someone explain me if is possible to avoid this behaviour? Hi Angelo, thanks for the report but I'm not seeing this in current master (2.5). If you still experience this, would you be able to provide more information how to reproduce this behaviour? Thanks,