[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8552) Strange behaviour of attribute using password policy overlay

To: openldap-its@OpenLDAP.org
Subject: (ITS#8552) Strange behaviour of attribute using password policy overlay
From: a.rossini@cineca.it
Date: Mon, 19 Dec 2016 08:29:22 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Angelo Rossini
Version: OpenLDAP-LTB 2.4.44.1
OS: Debian 8 x86-64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (130.186.19.204)


Hi,

I'm using the password policy overlay with this configuration:

pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckModule: /usr/local/openldap/lib64/check_password.so
pwdCheckQuality: 2
pwdExpireWarning: 432000
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 0
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 120
pwdMaxAge: 63072000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: TRUE
pwdSafeModify: TRUE

When I try to change the password and the password is one of the last five in
history I find that attributes pwdChangedTime and modifyTimestamp have changed
their values.

I think that this behaviour is quite strange, because I haven't changed anything
on the entry.

Can someone explain me if is possible to avoid this behaviour?

Regards,

Angelo.

Prev by Date: Re: (ITS#8551) allow bind_anon_cred in slapd.conf does not work
Next by Date: (ITS#8553) LMDB Windows UWP Patch
Index(es):
- Chronological
- Thread