[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password-policy configuration problems: cannot change passwords



Marco Weber wrote:
> |ldappasswd -D cn=username,dc=domain,dc=tld -S -W  |
> 
> |New password: ********  |
> 
> |Re-enter new password: ********  |
> 
> |Enter LDAP Password: ********  |
> 
> |Result: Constraint violation (19)  |
> 
> |Additional info: Password policy only allows one password value  |

I experienced the same issue with slapo-ppolicy in effect. I suspect it's
caused if password-hash configuration directive was changed but up to now I
did not dig any deeper.

It helps to have some software at hand which sends an appropriate
ModifyRequest with MOD_REPLACE userPassword attribute value with updated
password hash scheme. After that the Password Modify Extended Operation (like
used by ldappasswd) works again.

Ciao, Michael.