(ITS#8552) Strange behaviour of attribute using password policy overlay

Full_Name: Angelo Rossini
Version: OpenLDAP-LTB
OS: Debian 8 x86-64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


I'm using the password policy overlay with this configuration:

pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckModule: /usr/local/openldap/lib64/check_password.so
pwdCheckQuality: 2
pwdExpireWarning: 432000
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 0
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 120
pwdMaxAge: 63072000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: TRUE
pwdSafeModify: TRUE

When I try to change the password and the password is one of the last five in
the history, I find that the attributes pwdChangedTime and modifyTimestamp have
changed their values.

I think that this behaviour is quite strange, because I haven't changed anything
on the entry.

Can someone explain to me whether it is possible to avoid this behaviour?