
Ppolicy - password history



Hi, 

I am trying password history checking in OpenLDAP 2.3.32 and changing the
user password using an LDAP browser.

When I entered a repeated cleartext password, ppolicy returned the
expected decline "Password is in history of old passwords". But when
changing the password to any encrypted value (the same password two or
more times), OpenLDAP doesn't verify the old password.

In the log file I found similar info about the password change for both cases:

Jan 18 13:25:15 KS-Test-1 slapd[5478]: acl: internal mod pwdHistory: modify access granted
Jan 18 13:25:15 KS-Test-1 slapd[5478]: acl: internal mod pwdHistory: modify access granted
Jan 18 13:25:15 KS-Test-1 slapd[5478]: bdb_modify_internal: delete pwdHistory
Jan 18 13:25:15 KS-Test-1 slapd[5478]: bdb_modify_internal: add pwdHistory
Jan 18 13:25:15 KS-Test-1 slapd[5478]: oc_check_allowed type "pwdHistory"


slapd.conf:
....
....

moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=std,ou=ppolicy,ou=users,ou=trm"
ppolicy_hash_cleartext
ppolicy_use_lockout






What's your thing?




Andris
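
An added illustration, not part of the original post and not OpenLDAP code: a simplified Python model of a history check that verifies the submitted value as a credential against stored {SSHA} hashes. It shows why a repeated cleartext password is caught while the same password hashed by the client with a fresh salt is not. The function names, sample password and salts are constructed for this example.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA}"

def ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode()

def ssha_matches(credential, stored):
    """Verify a credential against one stored {SSHA} value."""
    raw = base64.b64decode(stored[len(PREFIX):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(credential + salt).digest()
    return hmac.compare_digest(candidate, digest)

def in_history(new_value, history):
    """Assumed model: the submitted value is tested as a credential
    against every old hash kept in the history."""
    return any(ssha_matches(new_value, old) for old in history)

# Constructed sample data: one old password stored in the history.
OLD_PASSWORD = b"Winter2007!"
HISTORY = [ssha(OLD_PASSWORD, b"\x01\x02\x03\x04")]

# Case 1: the client sends the old password again in cleartext.
CLEARTEXT_REUSE = in_history(OLD_PASSWORD, HISTORY)

# Case 2: the client hashes the same password itself, with a new salt,
# and sends the resulting {SSHA} string as the new userPassword value.
CLIENT_HASHED = ssha(OLD_PASSWORD, b"\xaa\xbb\xcc\xdd")
HASHED_REUSE = in_history(CLIENT_HASHED.encode(), HISTORY)

if __name__ == "__main__":
    print("cleartext reuse detected:", CLEARTEXT_REUSE)
    print("pre-hashed reuse detected:", HASHED_REUSE)
    print("stored strings differ:", CLIENT_HASHED != HISTORY[0])
```

In this model the pre-hashed value is an opaque string to the server: it is neither equal to the stored hash (different salt) nor a credential that verifies against it, so reuse can only be detected when the change arrives in cleartext.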