
Re: Password History check in openldap



Which user are you setting the password with? Remember that the "Admin" user is not subject to the policy.



> On Jun 9, 2014, at 9:42 AM, "scor z" <mr.scorpioz@gmail.com> wrote:
> 
> 
> The password history check in OpenLDAP is not working when I am using SHA-256 password hashing in OpenLDAP.
> 
> So I am sending a clear text password from my Java application to OpenLDAP and it is storing it in SHA-256 hashed form on its own.
> Whenever I change the password, OpenLDAP stores the previous password in pwdHistory.
> There is no problem with that, but when I change the password to the same password previously used, it is accepted without throwing any error.
> I have been struggling to make it work for a few weeks. Please, somebody help me.
> 
> My environment details:
>  OpenLDAP 2.4.38
>  RHEL 6
>  
> The following details are also in slapd.conf:
> 
> include         ../etc/openldap/schema/ppolicy.schema
> password-hash   {SHA256}
> overlay ppolicy
> ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
> ppolicy_hash_cleartext
> 
> My password policy:
> dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> cn: Default
> sn: Default
> pwdAttribute: userPassword
> pwdMinAge: 0
> pwdInHistory: 5
> pwdFailureCountInterval: 0
> pwdLockout: TRUE
> pwdLockoutDuration: 0
> pwdAllowUserChange: TRUE
> pwdExpireWarning: 0
> pwdGraceAuthNLimit: 0
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
> 
> Kindly let me know if I have to give more information to nail down the issue. Please, please, please, someone help me on this. I badly need a solution for this.
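The following is an added example, not code from the thread or from OpenLDAP itself. It emulates the slapo-ppolicy pwdInHistory check well enough to show the two things that decide whether a reused password is caught: the server can only detect reuse if it receives the cleartext and re-hashes it against each stored {SCHEME} value, and the rootdn (the "Admin" user the reply mentions) is exempt from the policy altogether. Scheme handling follows the RFC 2307 {SCHEME}base64 layout that slapd uses ({SHA256} and {SSHA256} come from the pw-sha2 contrib module that the asker's `password-hash {SHA256}` line relies on); the pwdHistory value format `time#syntaxOID#length#data` is the one from the password policy draft. The sample passwords and timestamps are constructed, the current userPassword being included in the compared set is an assumption of this emulation, and `check_new_password` is a hypothetical name, not an OpenLDAP API.

```python
"""Emulation (added here, not OpenLDAP code) of the slapo-ppolicy pwdInHistory check."""
import base64
import hashlib
import hmac
import os
import re
from typing import List, Tuple

# scheme -> (hashlib algorithm, salted). {SHA256}/{SSHA256} come from the
# pw-sha2 contrib module that "password-hash {SHA256}" relies on.
SCHEMES = {"{SHA}": ("sha1", False), "{SSHA}": ("sha1", True),
           "{SHA256}": ("sha256", False), "{SSHA256}": ("sha256", True)}
OCTET_STRING_OID = "1.3.6.1.4.1.1466.115.121.1.40"  # syntax OID in pwdHistory
# pwdHistory value: time "#" syntaxOID "#" length "#" data
_HISTORY_RE = re.compile(r"^(\d{14}Z)#([0-9.]+)#(\d+)#(.*)$", re.S)


def hash_password(cleartext: str, scheme: str = "{SHA256}", salt: bytes = b"") -> str:
    # {SCHEME}base64(digest || salt), as slapd stores it for password-hash and
    # ppolicy_hash_cleartext; salt is empty for the unsalted schemes.
    algo, salted = SCHEMES[scheme]
    salt = (salt or os.urandom(8)) if salted else b""
    digest = hashlib.new(algo, cleartext.encode() + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode()


def verify_password(candidate: str, stored: str) -> bool:
    # Re-hash the candidate with the scheme and salt of the stored value and
    # compare digests. The candidate is whatever bytes the client sent: a
    # string that is already a hash gets hashed again and never matches.
    m = re.match(r"^(\{[A-Za-z0-9-]+\})(.*)$", stored, re.S)
    if not m or m.group(1).upper() not in SCHEMES:
        return hmac.compare_digest(candidate.encode(), stored.encode())
    algo, salted = SCHEMES[m.group(1).upper()]
    try:
        blob = base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return False
    dlen = hashlib.new(algo).digest_size
    digest, salt = blob[:dlen], blob[dlen:]
    if len(digest) != dlen or (salt and not salted):
        return False
    return hmac.compare_digest(
        hashlib.new(algo, candidate.encode() + salt).digest(), digest)


def history_value(timestamp: str, stored: str) -> str:
    # Encode one pwdHistory value from a GeneralizedTime and a stored hash.
    return f"{timestamp}#{OCTET_STRING_OID}#{len(stored.encode())}#{stored}"


def parse_history(value: str) -> Tuple[str, str]:
    m = _HISTORY_RE.match(value)
    if not m:
        raise ValueError(f"malformed pwdHistory value: {value!r}")
    timestamp, _oid, length, data = m.groups()
    if int(length) != len(data.encode()):
        raise ValueError("pwdHistory length field does not match data")
    return timestamp, data


def check_new_password(new_value: str, current_userpassword: str,
                       pwd_history: List[str], pwd_in_history: int,
                       as_rootdn: bool = False) -> Tuple[bool, str]:
    # Returns (accepted, reason) for a password change under the policy.
    if as_rootdn:  # the rootdn is exempt from ppolicy, as the reply notes
        return True, "rootdn: policy not applied"
    if pwd_in_history <= 0:
        return True, "pwdInHistory is 0: history not checked"
    # Only the newest pwdInHistory entries count (GeneralizedTime sorts as
    # text). Assumption: the current userPassword is also compared against.
    newest = sorted(pwd_history, key=lambda v: parse_history(v)[0])
    newest = newest[-pwd_in_history:]
    for stored in [current_userpassword] + [parse_history(v)[1] for v in newest]:
        if verify_password(new_value, stored):
            return False, "constraintViolation: password is in history"
    return True, "accepted"


def demo() -> dict:
    # Constructed scenario mirroring the asker's config: unsalted {SHA256},
    # pwdInHistory 5, two old passwords in pwdHistory plus the current one.
    history = [history_value("20140101120000Z", hash_password("Winter2013!")),
               history_value("20140401120000Z", hash_password("Spring2014!"))]
    current = hash_password("Summer2014!")
    return {
        "reuse_as_user": check_new_password("Spring2014!", current, history, 5),
        "reuse_as_rootdn": check_new_password("Spring2014!", current, history, 5,
                                              as_rootdn=True),
        "reuse_prehashed": check_new_password(hash_password("Spring2014!"),
                                              current, history, 5),
        "new_password": check_new_password("Autumn2014!", current, history, 5),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:16} accepted={accepted} ({reason})")
```

Running `demo()` shows the reuse being rejected for an ordinary user, silently accepted when the same modify is done as the rootdn, and also accepted when the client hashes before sending, because the server then compares a hash string as if it were the cleartext. So if the application really does send cleartext, as the asker says, the remaining thing to verify is the bind DN used for the modify, which is exactly the reply's question.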