Re: (ITS#8207) ppolicy: pwdMinLength not checked if pwdInHistory == 0

Wednesday, 29 July 2015

Thanks, I will try with 2.4.41 and let you know. I may not get a chance 
to test until this weekend.

Relevant output from slapcat:

dn: uid=ian,ou=UserAccounts,o=cwa
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: ldapPublicKey
givenName: Ian
displayName: Ian Bishop
uid: ian
homeDirectory: /home/ian
loginShell: /bin/bash
cn: Ian Bishop
structuralObjectClass: inetOrgPerson
entryUUID: 767c952c-c867-1034-933d-53d15af42765
creatorsName: cn=admin,o=cwa
createTimestamp: 20150727045535Z
gidNumber: 1000
sn: Bishop
uidNumber: 10000
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
pwdChangedTime: 20150729140556Z
pwdHistory: 
20150729140556Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}xxxxxxxxxx
entryCSN: 20150729140556.659729Z#000000#000#000000
modifiersName: cn=admin,o=cwa
modifyTimestamp: 20150729140556Z

dn: cn=passwordDefault,ou=policies,o=cwa
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: passwordDefault
sn: passwordDefault
pwdAttribute: userPassword
pwdCheckQuality: 0
pwdMinAge: 0
pwdMaxAge: 0
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdLockout: TRUE
pwdAllowUserChange: TRUE
pwdExpireWarning: 0
pwdGraceAuthNLimit: 0
pwdMustChange: FALSE
pwdSafeModify: TRUE
structuralObjectClass: person
entryUUID: 3314dc02-ca3f-1034-825a-9d42205b22be
creatorsName: cn=config
createTimestamp: 20150729131225Z
pwdMinLength: 6
pwdLockoutDuration: 300
pwdInHistory: 1
entryCSN: 20150729135535.164545Z#000000#000#000000
modifiersName: cn=admin,o=cwa
modifyTimestamp: 20150729135535Z

On 30/07/15 03:01, Michael Ströder wrote:
...
 porjo38(a)yahoo.com.au wrote:
> Using password policy overlay, pwdMinLength is not checked when pwdInHistory ==
> 0.

 I tried to reproduce this with my local OpenLDAP 2.4.41 installation.
 In one case I thought to see this but I could not reproduce all the time.
 Maybe there's another condition for this to happen.

 Could you please also test with release 2.4.41?

 And please also post the entry with the password (and relevant pwd* attrs) and
 the pwdPolicy entry used, both as LDIF (minus sensitive data).

 Ciao, Michael.

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006