[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] LDAP - password in history

To: Allan Clarke <mailinglistid2003@yahoo.com>
Subject: Re: [ldapext] LDAP - password in history
From: Dejan Muhamedagic <dejan@hello-penguin.com>
Date: Fri, 21 Feb 2003 16:01:39 +0100
Cc: ldapext@ietf.org
Content-disposition: inline
In-reply-to: <20030221120713.3692.qmail@web13306.mail.yahoo.com>
References: <3E560E1F.7090303@Sun.com> <20030221120713.3692.qmail@web13306.mail.yahoo.com>
User-agent: Mutt/1.3.23i

Hi,

You didn't read the Ludovic's reply carefully enough: he explained
everything in the postscript.  So, you should check the additional
info sent in the server side control.

Cheers.

Dejan

On Fri, Feb 21, 2003 at 04:07:13AM -0800, Allan Clarke wrote:
> 
> yes, my application connects to a iPlanet ldap server with all the password policies I mentioned earlier. I want to a know a way how my application can can check if the user entered password already exists in history. To do so there should be some attribute in some objectclass which contains the list of passwords. And at the moment I don't know how to get there. There is so little help out there that it is virtually impossible to find anything without any help.
> Cheers
> Allan
>  Ludovic Poitou <ludovic.poitou@Sun.com> wrote:Hi Allan,
> 
> Your question looks like to be related to a specific Directory Server 
> implementation and it may be better to ask directly to the vendor...
> PasswordHistory and PasswordinHistory attributes are Netscape / iPlanet 
> / Sun ONE specific as far as I know.
> 
> Regards,
> 
> Ludovic.
> 
> PS: With Sun ONE Directory Server 5.x, if the password is in the history 
> (when attempting to CHANGE it), the error returned is Constraint 
> Violation and the additional message will tell you that the password is 
> in the history.
> 
> Allan Clarke wrote:
> 
> > Hi everybody,
> >
> > My application is written in ColdFusion. We are using LDAP to 
> > authenticate users and have a strict
> > password policy. The password expire in 30 days, a warning message is 
> > sent to the user 7 days
> > before the password expires. LDAP also remembers 3 passwords in 
> > history and ooh I forgot the
> > password encryption is Salted Secure Hashing Algorithm (SSHA).
> >
> > Right, now I want to know a way to check if the user entered password 
> > is already in history. I
> > get a error "Invalid Credentials" when I try to use a password that is 
> > in history. I know there
> > is a LDAP attribute "PasswordHistory" and "PasswordInHistory" but I 
> > don't know which objectclass
> > they belong to. I see the "PasswordHistory" attribute in the user 
> > advanced properties window but it
> > does not have any value. One other question, if this is the only way 
> > to check if the password
> > exists in history, how do I add this attribute to my schema?
> >
> > Your help would be greatly apprecited.
> >
> > Regards
> > Allan
> >
> >
> > ------------------------------------------------------------------------
> > Do you Yahoo!?
> > Yahoo! Tax Center 
> > - 
> > forms, calculators, tips, and more 
> 
> 
> -- 
> Ludovic Poitou
> Sun Microsystems Inc.
> Sun ONE products - Directory Server Group - Grenoble - France
> 
> 
> 
> 
> 
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, and more
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- Re: [ldapext] LDAP - password in history
  - From: Ludovic Poitou <ludovic.poitou@Sun.com>
- Re: [ldapext] LDAP - password in history
  - From: Allan Clarke <mailinglistid2003@yahoo.com>

Prev by Date: Re: [ldapext] LDAP - password in history
Next by Date: Re: [ldapext] LDAP - password in history
Index(es):
- Chronological
- Thread