答复: Forbidden account password reuse of the last 5 password

To: "'Matthieu Cerda'" <matthieu.cerda@nbs-system.com>, <openldap-technical@openldap.org>

Subject: 答复: Forbidden account password reuse of the last 5 password

From: "Tian Zhiying" <tianzy1225@thundersoft.com>

Date: Thu, 14 Feb 2019 19:17:14 +0800

Content-language: zh-cn

In-reply-to: <be1ba438-111e-fe12-1913-c3c5b054c948@nbs-system.com>

References: <012201d4c432$c27c4540$4774cfc0$@thundersoft.com> <7a5f1de3-8af1-8ca1-200a-e5c36213d89b@nbs-system.com> <be1ba438-111e-fe12-1913-c3c5b054c948@nbs-system.com>

Thread-index: AQHSdmEhjiQLsDdPfw/q+0IhOCIApAEQwYQNAaacs5elzfpaUA==

Hi Matthieu,

Thank you for your reply.

I have set the "pwdInHistory" attribute to 5 in password policy and set forbidden their reuse in config.inc.php of Self Service Password. As below shown:

cid:image001.jpg@01D4C495.FA7CC880

cid:image003.png@01D4C495.E6882400

But it seems not working, my password is following:

First time password: AAbb1122

Second time password: CCdd3344

Third time password: AAbb1122, same with the first time password, it has been modified successfully.

Thanks

-----邮件原件-----
发件人: openldap-technical [mailto:openldap-technical-bounces@openldap.org] 代表 Matthieu Cerda
发送时间: 2019年2月14日 17:38
收件人: openldap-technical@openldap.org
主题: Re: Forbidden account password reuse of the last 5 password

You may set the "pwdInHistory" attribute to 5 to store the last 5 passwords used, and forbid their reuse.

Le 14/02/2019 à 10:35, Matthieu Cerda a écrit :

> Yes, you might want to use the password policy (ppolicy) overlay:

> https://kb.symas.com/v2.4.45.2/man5/slapo-ppolicy/

> Le 14/02/2019 à 07:58, Tian Zhiying a écrit :

>> Hi

>> Is there a feature that OpenLDAP password policy can forbidden user password reuse of the last 5 password?

>> Thanks.

Matthieu Cerda

Infrastructure, BU Means @ NBS System