[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] LDAP - password in history
Hi Allan,
Your question looks like to be related to a specific Directory Server
implementation and it may be better to ask directly to the vendor...
PasswordHistory and PasswordinHistory attributes are Netscape / iPlanet
/ Sun ONE specific as far as I know.
Regards,
Ludovic.
PS: With Sun ONE Directory Server 5.x, if the password is in the history
(when attempting to CHANGE it), the error returned is Constraint
Violation and the additional message will tell you that the password is
in the history.
Allan Clarke wrote:
Hi everybody,
My application is written in ColdFusion. We are using LDAP to
authenticate users and have a strict
password policy. The password expire in 30 days, a warning message is
sent to the user 7 days
before the password expires. LDAP also remembers 3 passwords in
history and ooh I forgot the
password encryption is Salted Secure Hashing Algorithm (SSHA).
Right, now I want to know a way to check if the user entered password
is already in history. I
get a error "Invalid Credentials" when I try to use a password that is
in history. I know there
is a LDAP attribute "PasswordHistory" and "PasswordInHistory" but I
don't know which objectclass
they belong to. I see the "PasswordHistory" attribute in the user
advanced properties window but it
does not have any value. One other question, if this is the only way
to check if the password
exists in history, how do I add this attribute to my schema?
Your help would be greatly apprecited.
Regards
Allan
------------------------------------------------------------------------
Do you Yahoo!?
Yahoo! Tax Center
<http://rd.yahoo.com/finance/mailtagline/*http://taxes.yahoo.com/> -
forms, calculators, tips, and more
--
Ludovic Poitou
Sun Microsystems Inc.
Sun ONE products - Directory Server Group - Grenoble - France
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext