[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: password-policy configuration problems: cannot change passwords

I've used slapppasswd. The password was something like: {SSHA}xxxxxxxxxxxxxxxx

Some time ago, before having applied the password policy settings, i've changed the olcPasswordHash FROM {MD5} to {SSHA}.
Almost all users should now have {SSHA} passwords.

-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com] 
Sent: Donnerstag, 27. Oktober 2011 09:20
To: Marco Weber
Cc: openldap-technical@openldap.org
Subject: Re: password-policy configuration problems: cannot change passwords

Marco Weber wrote:
> Ok, I've changed the password:
> ldapmodify -D cn=username,dc=domain,dc=tld -W
> dn: cn=username,dc=domain,dc=tld
> changetype: modify
> replace: userPassword
> userPassword: TheNewValue
> then i tried to change the password using ldappasswd:
> ldappasswd -D cn=username,dc=domain,dc=tld -S -W New password:
> Re-enter new password:
> Enter LDAP Password:
> Result: Constraint violation (19)
> Additional info: Password policy only allows one password value

What was TheNewValue? If you have password-hash {SSHA} this has to be a pre-hashed password. Use slappasswd to generate one.

Ciao, Michael.