ppolicy acting strange
- To: OpenLDAP-software@OpenLDAP.org
- Subject: ppolicy acting strange
- From: Jim Boden <jboden508@yahoo.com>
- Date: Tue, 20 Dec 2005 11:17:59 -0800 (PST)
Hi,
I see some of the ppolicy overlay working as expected, but other parts not quite. Hopefully someone here has an idea of what I did wrong.
I configured a default ppolicy as in the tests. I set the pwdInHistory to 6. I then keep changing the password for a user. Because I'm using padl, I bind as an ldap user that has write perms to the full db, but I'm not using the rootdn.
The pwdMinLength test does work correctly and I have pwdCheckQuality equal to 2. I set the password-hash to {MD5}. As I keep changing the password, the number of pwdHistory entries keeps growing. There are 20 in there now.
So that seems strange. But it also lets me re-use a password I have used previously. With MD5, the hashes are identical for the same pwd so I see the old hash in one of the pwdHistory entries, but it still works.
Any idea why it does not fail on a re-used password?
This is version 2.3.13.
Thanks,
Jim
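An offline check for the two symptoms described in the message above (more pwdHistory values than pwdInHistory allows, and a current {MD5} hash equal to a stored one), added here as an example that is not part of the original post or of OpenLDAP. It assumes the pwdHistory value layout time#syntaxOID#length#data from the LDAP password policy draft; the function names and all sample values are constructed.

```python
import base64
import hashlib

# Octet String syntax OID, as used in pwdHistory values (assumption from the draft).
OID = "1.3.6.1.4.1.1466.115.121.1.40"


def md5_scheme(password: str) -> str:
    """Unsalted {MD5} userPassword value: base64 of the raw MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def parse_history(value: str) -> dict:
    """Split one pwdHistory value into its four '#'-separated fields."""
    time, oid, length, data = value.split("#", 3)
    return {"time": time, "oid": oid, "length": int(length), "data": data}


def audit(history_values, current_hash, pwd_in_history):
    """Count stored history values and find any that equal the current hash."""
    entries = sorted((parse_history(v) for v in history_values),
                     key=lambda e: e["time"])
    return {
        "stored": len(entries),
        "excess": max(0, len(entries) - pwd_in_history),
        "reused_from": [e["time"] for e in entries if e["data"] == current_hash],
    }


def _entry(timestamp: str, password: str) -> str:
    """Build a constructed pwdHistory value for the sample below."""
    stored = md5_scheme(password)
    return f"{timestamp}#{OID}#{len(stored)}#{stored}"


# Constructed sample: eight password changes, one per hour, policy limit of 6.
SAMPLE_HISTORY = [
    _entry(f"20051220{10 + n:02d}0000Z", f"Passw0rd-{n % 7}") for n in range(8)
]

if __name__ == "__main__":
    # The current password repeats the one set at 13:00.
    report = audit(SAMPLE_HISTORY, md5_scheme("Passw0rd-3"), pwd_in_history=6)
    print(report)
```

Feed it the pwdHistory and userPassword values from an ldapsearch of the affected entry (base64-decoded if they were returned with "::") in place of the sample.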