
Password History check in openldap



The password history check in OpenLDAP is not working when I am using SHA-256 password hashing in OpenLDAP.

So I am sending a clear text password from my Java application to OpenLDAP and it is storing it in SHA-256 hashed form on its own.
Whenever I change the password, OpenLDAP stores the previous password in pwdHistory.
There is no problem with that, but when I change the password to the same password previously used, it is accepted without throwing any error.
I have been struggling to make it work for a few weeks. Please, somebody help me.

My environment details:
OpenLDAP 2.4.38
RHEL 6

The following details are also in slapd.conf:

include     ../etc/openldap/schema/ppolicy.schema
password-hash  {SHA256}
overlay ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
ppolicy_hash_cleartext

My password policy:
dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: Default
sn: Default
pwdAttribute: userPassword
pwdMinAge: 0
pwdInHistory: 5
pwdFailureCountInterval: 0
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdAllowUserChange: TRUE
pwdExpireWarning: 0
pwdGraceAuthNLimit: 0
pwdMustChange: FALSE
pwdSafeModify: FALSE

Kindly let me know if I have to give more information to nail down the issue. Please, please, please, someone help me on this. I badly need a solution for this.
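To make the behaviour being asked about concrete, here is an added, stand-alone Python model of the check the ppolicy overlay is expected to perform: parse the pwdHistory values (format time#syntaxOID#length#data), and compare a candidate cleartext password against the most recent pwdInHistory entries, hashing it under the stored scheme ({SHA256} as written by the pw-sha2 module, or salted {SSHA}). This is example code written for this reply, not OpenLDAP's own implementation; the helper names, the sample pwdHistory entries and the sample passwords are constructed for illustration. A defender can run it against a real pwdHistory export to confirm that the stored values are hashed and that a reused password would be detected under that scheme.

```python
"""Offline model of a pwdHistory reuse check (hypothetical helpers, not OpenLDAP code)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import List

OCTET_STRING_OID = "1.3.6.1.4.1.1466.115.121.1.40"  # syntax OID ppolicy records for userPassword


@dataclass
class HistoryEntry:
    timestamp: str   # GeneralizedTime, e.g. 20140101080000Z
    syntax_oid: str
    value: bytes     # the stored userPassword value, e.g. b"{SHA256}..."


def parse_pwd_history(raw: str) -> HistoryEntry:
    """Parse one pwdHistory value of the form time#syntaxOID#length#data."""
    # the data part may itself contain '#', so split at most three times
    timestamp, oid, length_s, data = raw.split("#", 3)
    value = data.encode("utf-8")
    if int(length_s) != len(value):
        raise ValueError("pwdHistory length field does not match the stored data")
    return HistoryEntry(timestamp, oid, value)


def format_pwd_history(timestamp: str, value: bytes) -> str:
    """Build a pwdHistory value in that format (used here for constructed sample data)."""
    return f"{timestamp}#{OCTET_STRING_OID}#{len(value)}#{value.decode('utf-8')}"


def sha256_userpassword(password: str) -> bytes:
    """Unsalted {SHA256}: base64 of the raw SHA-256 digest."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return b"{SHA256}" + base64.b64encode(digest)


def ssha_userpassword(password: str, salt: bytes) -> bytes:
    """Salted {SSHA}: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def password_matches(stored: bytes, candidate: str) -> bool:
    """Check a cleartext candidate against one stored userPassword value."""
    pw = candidate.encode("utf-8")
    if stored.startswith(b"{SHA256}"):
        digest = base64.b64decode(stored[len(b"{SHA256}"):])
        return hmac.compare_digest(digest, hashlib.sha256(pw).digest())
    if stored.startswith(b"{SSHA}"):
        blob = base64.b64decode(stored[len(b"{SSHA}"):])
        digest, salt = blob[:20], blob[20:]   # SHA-1 digest is 20 bytes, the salt follows
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    if not stored.startswith(b"{"):
        return hmac.compare_digest(stored, pw)  # value stored in cleartext
    raise ValueError(f"unsupported password scheme in {stored[:10]!r}")


def reused_from_history(history: List[str], candidate: str, pwd_in_history: int) -> bool:
    """True if the candidate equals any of the most recent pwd_in_history passwords."""
    entries = sorted((parse_pwd_history(h) for h in history),
                     key=lambda e: e.timestamp, reverse=True)
    return any(password_matches(e.value, candidate) for e in entries[:pwd_in_history])


# Constructed sample pwdHistory: three {SHA256} entries and one {SSHA} entry
SAMPLE_HISTORY = [
    format_pwd_history("20130901080000Z", sha256_userpassword("Autumn2013!")),
    format_pwd_history("20131201080000Z", sha256_userpassword("Winter2013!")),
    format_pwd_history("20140301080000Z", sha256_userpassword("Spring2014!")),
    format_pwd_history("20140601080000Z", ssha_userpassword("Summer2014!", b"\x01\x02\x03\x04")),
]

if __name__ == "__main__":
    for pw in ("Winter2013!", "Summer2014!", "Autumn2014!"):
        verdict = "reused" if reused_from_history(SAMPLE_HISTORY, pw, 5) else "new"
        print(f"{pw}: {verdict}")
```

Note that an unsalted scheme such as {SHA256} can be compared by simply rehashing the candidate, whereas a salted scheme needs the salt recovered from the stored value; the function above handles both, and only the newest pwdInHistory entries are consulted, so with pwdInHistory: 5 and four stored entries every entry counts.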