OpenLDAP
Viewing Incoming/8802

From: matsl@irf.se
Subject: ldappasswd ppolicy
Date: Thu, 08 Feb 2018 09:11:05 +0000
From: matsl@irf.se
To: openldap-its@OpenLDAP.org
Subject: ldappasswd ppolicy
Full_Name: Mats Luspa
Version: openldap-2.4.40+dfsg
OS: 3.16.0-4-686-pae #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) i686 GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:6b0:27:cc:2740:e692:a5b1:4b0f)


Hello!

When you are using ppolicy, password changes are recorded in the pwdHistory
attribute.

ldappasswd can't be used due to that. For some reason it checks that pwdHistory
does not exist before it changes that password. If pwdHistory exists, then
ldappasswd can't change the password.

Here's the log file:

2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace userPassword
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace pwdChangedTime
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: add pwdHistory
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace pwdChangedTime
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: add pwdHistory
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: 20 modify/add: pwdHistory: value #0 already exists
2018-02-08T09:42:45+01:00 mailserver slapd[725]: send_ldap_result: err=20 matched="" text="modify/add: pwdHistory: value #0 already exists"

/Regards Mats
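
Added example, not part of the original report and not OpenLDAP code: a small triage script that tallies the modifications slapd logged before each failed result, so operations repeated on the same attribute stand out next to the err=20 (attributeOrValueExists) response. The function name and the per-process grouping are assumptions of this example; the sample input is the log from the report.

```python
import re
from collections import Counter

# Log lines copied from the report above, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace userPassword
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace pwdChangedTime
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: add pwdHistory
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: replace pwdChangedTime
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: add pwdHistory
2018-02-08T09:42:45+01:00 mailserver slapd[725]: bdb_modify_internal: 20 modify/add: pwdHistory: value #0 already exists
2018-02-08T09:42:45+01:00 mailserver slapd[725]: send_ldap_result: err=20 matched="" text="modify/add: pwdHistory: value #0 already exists"
"""

# One attribute modification as logged by the backend.
MOD_RE = re.compile(
    r"slapd\[(?P<pid>\d+)\]: bdb_modify_internal: "
    r"(?P<op>add|replace|delete) (?P<attr>\S+)$")
# The result sent back to the client.
RESULT_RE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: send_ldap_result: err=(?P<err>\d+) '
    r'matched="[^"]*" text="(?P<text>[^"]*)"')

def analyse_modify_failures(log_text):
    """Return one finding per non-zero result: the error code, its text, and
    every (op, attribute) pair logged more than once before it."""
    # Assumption: these lines carry no conn=/op= ids, so modifications are
    # grouped per slapd process between two results. On a busy server,
    # correlate on the connection ids from the stats log level instead.
    pending = {}
    findings = []
    for line in log_text.splitlines():
        mod = MOD_RE.search(line)
        if mod:
            counts = pending.setdefault(mod["pid"], Counter())
            counts[(mod["op"], mod["attr"])] += 1
            continue
        res = RESULT_RE.search(line)
        if res:
            counts = pending.pop(res["pid"], Counter())
            if int(res["err"]) != 0:
                repeated = sorted(k for k, n in counts.items() if n > 1)
                findings.append({"err": int(res["err"]),
                                 "text": res["text"],
                                 "repeated": repeated})
    return findings

if __name__ == "__main__":
    for finding in analyse_modify_failures(SAMPLE_LOG):
        print(finding)
```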
The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org