[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy: pwdInHistory attribute

To: Esther Garcia <fulletverde@gmail.com>
Subject: Re: ppolicy: pwdInHistory attribute
From: Clément OUDOT <clem.oudot@gmail.com>
Date: Thu, 19 Mar 2015 08:51:29 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=6aN8bHJwOBafrS7ABlfqbHUJC74Bm3hPpWmqbL1ZQqs=; b=Fy4qgA2MjxqAtqTYPbFvD7y9cSNSCRkC8eryhpkQv4XPHWh2NHOPrE+k95yBfwWiUI z/0tlEDIEzjqxY6IwmwvKRC6mQVyIxrxLBvGoOnv0dmUWPeP1DjSxKbvDVI4YPB3trbK dY7XCdrLek0Gb2VhOPSNLGE/7r1zto8Vdsi4h/sFwLJCXlxxhACIMqvUNIo5wIdGfUH/ nCnMJFMOvXtVl6p+EK6qmtRg5w6Aw+11y1oyi4k5eGNk6QveTSwThNG3q1d7Zi/Usy1B EY5kXewf1OAue5OBL0U+xCu9nfRfd4ejZYm1KmuP7d2pLF6nMKQeSRyHLF6N5BWHz5fp MGCg==
In-reply-to: <CAKS0CrbjJe-ZWxvo77LpPa3jPQ78oETVD0XBuammYfkFMQZ9UA@mail.gmail.com>
References: <CAKS0CrbjJe-ZWxvo77LpPa3jPQ78oETVD0XBuammYfkFMQZ9UA@mail.gmail.com>

2015-03-18 18:21 GMT+01:00 Esther Garcia <fulletverde@gmail.com>:
> Hello,
>
> We have installed an openldap server 2.4.23-34 on RHEL 6.5 with ppolicy
> enabled.
>
> # Standard, Policies
> dn: cn=Standard,ou=Policies,dc=test,dc=es
> cn: Standard
> description: Standard password policy.
> pwdAttribute: userPassword
> pwdCheckQuality: 1
> pwdMinLength: 8
> pwdLockout: TRUE
> pwdMustChange: TRUE
> pwdAllowUserChange: TRUE
> objectClass: device
> objectClass: pwdPolicy
> pwdSafeModify: FALSE
> pwdFailureCountInterval: 3
> pwdGraceAuthNLimit: 0
> pwdLockoutDuration: 1200
> pwdMaxFailure: 10
> pwdMinAge: 10
> pwdMaxAge: 31536000
> pwdExpireWarning: 0
> pwdInHistory: 5
>
>
> All ppolicy attributtes except pwdInHistory are working. We store passwords
> encrypted in the directory.
>
> Is there any way to have pwdInHistory attribute working with encrypted
> passwords stored in the directory?
>

It won't work if the password modification is done with an encrypted
password, or when it is done as rootdn. Are you in one of this case?

Moreover, your version is quite old and you are encouraged to upgrade.


Clément.

Follow-Ups:
- Re: ppolicy: pwdInHistory attribute
  - From: Esther Garcia <fulletverde@gmail.com>

References:
- ppolicy: pwdInHistory attribute
  - From: Esther Garcia <fulletverde@gmail.com>

Prev by Date: Re: what is wrong with my permissions?
Next by Date: Re: ppolicy: pwdInHistory attribute
Index(es):
- Chronological
- Thread