Sorry Patrick,

Maybe the reference that I have is wrong. I’m using the book “Mastering OpenLDAP” by Matt Butcher, which in chapter 6 at page 323 says “if you store password in plain text in the directory then the policy overlay can be configured to maintain a password history”. Now I’m using
http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&sektion=5&manpath=OpenLDAP+2.3-Release&format=html
as reference for ppolicy.

My authentication error was a trivial problem on an objectClass: posixAccount. Now I’m testing the pwdInHistory directive with SHA stored passwords.

Thanks for the suggestions,
Regards
Francesco

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Patrick Hemmer

2012/6/20 Francesco Belli <Francesco.Belli@vegaspace.com>:
The password scheme used in the LDAP directory does not prevent any application
from authenticating to LDAP. Dig into the logs to see what the real reason
for your problem is.
Clément.

In addition, it is not true that the password must be stored in cleartext for pwdCheckQuality and pwdInHistory to work. Storing passwords in cleartext is bad.
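
Added example, not part of the thread and not OpenLDAP's own code: a simplified Python model of why a history check works on hashed passwords. The server receives the new password in cleartext at change time and can test it against each stored salted hash. The entry layout (a plain list of {SSHA} strings under pwdHistory), the function names and the sample passwords are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted SHA-1 in the {SSHA} layout: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode()

def ssha_verify(password: str, stored: str) -> bool:
    """Re-hash the candidate with the salt embedded in the stored value."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(PREFIX):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def change_password(entry: dict, new_password: str, pwd_in_history: int) -> bool:
    """Model of a history check: reject a new password that matches the
    current value or any remembered hash; otherwise rotate and store a hash."""
    remembered = [entry["userPassword"]] + entry["pwdHistory"]
    if any(ssha_verify(new_password, h) for h in remembered):
        return False
    # Keep only the newest pwd_in_history old values (assumed model semantics).
    entry["pwdHistory"] = remembered[:pwd_in_history]
    entry["userPassword"] = ssha_hash(new_password)
    return True

if __name__ == "__main__":
    # Constructed sample entry; no cleartext is ever stored in it.
    user = {"userPassword": ssha_hash("Spring2012!"), "pwdHistory": []}
    for pw in ["Summer2012!", "Spring2012!", "Autumn2012!"]:
        print(pw, "accepted" if change_password(user, pw, 2) else "rejected")
```

The check only works when the new password reaches the server in cleartext over a protected connection; a value the client has already hashed cannot be compared against differently salted history entries.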