[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdHistory, encrypted passwords and selfservice application

To: openldap-technical@openldap.org
Subject: Re: pwdHistory, encrypted passwords and selfservice application
From: Clément OUDOT <clement.oudot@savoirfairelinux.com>
Date: Fri, 30 Oct 2015 09:37:20 +0100
In-reply-to: <CAO+XWgmSA6UYwSAQmdAE83sHh_Sn7p9J1x5Mn1EaZJNPDUMzVw@mail.gmail.com>
Organization: Savoir-Faire Linux
References: <CAO+XWgmSA6UYwSAQmdAE83sHh_Sn7p9J1x5Mn1EaZJNPDUMzVw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0



Le 29/10/2015 11:18, Bogdan Rudas a écrit :

Hello all,
I'm working on Self-service application and want to prevent user fromre-using old passwords. What is correct way to chage password takin inmind password history?
I guess it is:

1. Bind with special user and check if specified uid exists
2. Bind using user-supplied uid and password
3. Get password policy, history etc. and  validate on selfservice-side
4. Execute LDAP modifyRequest with single item: userPassword and valueof new hashed password.
In my case same password gives same hash. Are there any way to forceencrypted password history validation on server side?

Hi,

just for information, if you are looking for a self service application,you can checkhttp://ltb-project.org/wiki/documentation/self-service-password/latest/start

But as it is written in PHP, it does not use the ppolicy control (notyet implemented in PHP-LDAP API).


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux

References:
- pwdHistory, encrypted passwords and selfservice application
  - From: Bogdan Rudas <brudas@exadel.com>

Prev by Date: Re: Migrate from openldap 2.2 to 2.4 issue
Next by Date: Re: "memberof" function for memberUid attribute.
Index(es):
- Chronological
- Thread