[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: password-policy configuration problems: cannot change passwords
Hello,
Indeed, I've changed the olcPasswordHash setting.
And what kind of software "sends an appropriate ModifyRequest with MOD_REPLACE" ?
Ldapmodify -D cn=username,dc=domain,dc=tld -W
dn: cn=username,dc=domain,dc=tld
changetype: modify
replace: userPassword
userPassword: TheNewValue
Is this a MOD_REPLACE request?
Best regards,
Marco Weber
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Sonntag, 16. Oktober 2011 20:22
To: Marco Weber
Cc: openldap-technical@openldap.org
Subject: Re: password-policy configuration problems: cannot change passwords
Marco Weber wrote:
> |ldappasswd -D cn=username,dc=domain,dc=tld -S -W |
>
> |New password: ******** |
>
> |Re-enter new password: ******** |
>
> |Enter LDAP Password: ******** |
>
> |Result: Constraint violation (19) |
>
> |Additional info: Password policy only allows one password value |
I experienced the same issue with slapo-ppolicy in effect. I suspect it's caused if password-hash configuration directive was changed but up to now I did not dig any deeper.
It helps to have some software at hand which sends an appropriate ModifyRequest with MOD_REPLACE userPassword attribute value with updated password hash scheme. After that the Password Modify Extended Operation (like used by ldappasswd) works again.
Ciao, Michael.