
Re: Password History check in openldap



On Mon, 9 Jun 2014 18:51:50 +0530, scor z <mr.scorpioz@gmail.com> wrote:

> The Password History check in openldap is not working when I am using
> SHA-256 password hashing in openldap.
> 
> So I am sending the clear text password from my java application to
> openLDAP and it is storing it in SHA-256 hashed form on its own.
> Whenever I am changing the password, openLDAP is storing the previous
> password in pwdHistory.
> There is no problem in that, but when I am changing the password to the
> same password previously used, it is taking it up without throwing any
> error. I have been struggling to make it work for a few weeks. Please
> somebody help me.
> 
> My environment details:
>  OpenLDAP 2.4.38
>  RHEL 6
> 
> The following details are also mentioned in slapd.conf:
> 
> include         ../etc/openldap/schema/ppolicy.schema
> password-hash   {SHA256}
> overlay ppolicy
> ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
> ppolicy_hash_cleartext
> 
> my password policy:
> dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> cn: Default
> sn: Default
> pwdAttribute: userPassword
> pwdMinAge: 0
> pwdInHistory: 5
> pwdFailureCountInterval: 0
> pwdLockout: TRUE
> pwdLockoutDuration: 0
> pwdAllowUserChange: TRUE
> pwdExpireWarning: 0
> pwdGraceAuthNLimit: 0
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
> 
> Kindly let me know if I have to give more information to nail down
> the issue. Please, please, please, someone help me on this. I badly
> need a solution for this.

slapd has no knowledge of the hashing scheme {SHA2} unless you have
built and included an appropriate module, i.e.
contrib/slapd-modules/passwd/sha2/

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
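An added illustration (not from the thread, not OpenLDAP's own code) of what the ppolicy history comparison amounts to, emulated in Python: pwdHistory values are stored as time#syntaxOID#length#data, and a stored hash can only match a new password when slapd has a handler for the scheme prefix in front of it. The {SHA256} and salted {SSHA256} layouts (digest followed by salt) follow the contrib sha2 module; the history entries, passwords and salt are constructed sample values, and the scheme sets are assumptions for illustration.

```python
import base64
import hashlib
import hmac
SYNTAX_OID = "1.3.6.1.4.1.1466.115.121.1.40"  # octet string syntax used by ppolicy

def make_sha256(password: bytes) -> str:
    # {SHA256}: base64 of the bare digest (sha2 contrib module layout)
    return "{SHA256}" + base64.b64encode(hashlib.sha256(password).digest()).decode()

def make_ssha256(password: bytes, salt: bytes) -> str:
    # {SSHA256}: base64 of digest(password || salt) followed by the salt
    digest = hashlib.sha256(password + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode()

def history_value(timestamp: str, data: str) -> str:
    # One pwdHistory value: time '#' syntaxOID '#' length '#' data
    return f"{timestamp}#{SYNTAX_OID}#{len(data)}#{data}"

def parse_history_value(value: str) -> str:
    # Return the stored password data; the length field guards against '#' in data
    _time, _oid, length, data = value.split("#", 3)
    if int(length) != len(data):
        raise ValueError("pwdHistory length field does not match data")
    return data

def matches_stored(candidate: bytes, stored: str, known_schemes) -> bool:
    """Emulate the overlay's comparison: a match is only possible when slapd
    recognises the scheme prefix; an unknown scheme can never compare equal."""
    end = stored.index("}") + 1
    scheme, blob = stored[:end].upper(), base64.b64decode(stored[end:])
    if scheme not in known_schemes:
        return False  # no handler for this scheme: reuse goes unnoticed
    if scheme == "{SHA256}":
        return hmac.compare_digest(hashlib.sha256(candidate).digest(), blob)
    if scheme == "{SSHA256}":
        digest, salt = blob[:32], blob[32:]
        return hmac.compare_digest(hashlib.sha256(candidate + salt).digest(), digest)
    return False

def in_history(candidate: bytes, history, known_schemes) -> bool:
    return any(matches_stored(candidate, parse_history_value(v), known_schemes) for v in history)

# Constructed sample history, as pwdHistory would hold it after two changes
SAMPLE_HISTORY = [
    history_value("20140601120000Z", make_sha256(b"Winter2014")),
    history_value("20140608120000Z", make_ssha256(b"Spring2014", b"\x01\x02\x03\x04")),
]
BUILTIN_SCHEMES = {"{SHA}", "{SSHA}", "{MD5}", "{SMD5}", "{CRYPT}"}  # stock slapd (assumed set)
WITH_SHA2_MODULE = BUILTIN_SCHEMES | {"{SHA256}", "{SSHA256}"}      # after loading contrib sha2
```

With only the stock schemes, every {SHA256} history entry compares as "no match", which is the silent acceptance of a reused password described in the question.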