Thanks, I will try with 2.4.41 and let you know. I may not get a chance
to test until this weekend.
Relevant output from slapcat:
dn: uid=ian,ou=UserAccounts,o=cwa
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: ldapPublicKey
givenName: Ian
displayName: Ian Bishop
uid: ian
homeDirectory: /home/ian
loginShell: /bin/bash
cn: Ian Bishop
structuralObjectClass: inetOrgPerson
entryUUID: 767c952c-c867-1034-933d-53d15af42765
creatorsName: cn=admin,o=cwa
createTimestamp: 20150727045535Z
gidNumber: 1000
sn: Bishop
uidNumber: 10000
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
pwdChangedTime: 20150729140556Z
pwdHistory:
20150729140556Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}xxxxxxxxxx
entryCSN: 20150729140556.659729Z#000000#000#000000
modifiersName: cn=admin,o=cwa
modifyTimestamp: 20150729140556Z
dn: cn=passwordDefault,ou=policies,o=cwa
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: passwordDefault
sn: passwordDefault
pwdAttribute: userPassword
pwdCheckQuality: 0
pwdMinAge: 0
pwdMaxAge: 0
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdLockout: TRUE
pwdAllowUserChange: TRUE
pwdExpireWarning: 0
pwdGraceAuthNLimit: 0
pwdMustChange: FALSE
pwdSafeModify: TRUE
structuralObjectClass: person
entryUUID: 3314dc02-ca3f-1034-825a-9d42205b22be
creatorsName: cn=config
createTimestamp: 20150729131225Z
pwdMinLength: 6
pwdLockoutDuration: 300
pwdInHistory: 1
entryCSN: 20150729135535.164545Z#000000#000#000000
modifiersName: cn=admin,o=cwa
modifyTimestamp: 20150729135535Z
On 30/07/15 03:01, Michael Ströder wrote:
porjo38(a)yahoo.com.au wrote:
> Using password policy overlay, pwdMinLength is not checked when pwdInHistory ==
> 0.
I tried to reproduce this with my local OpenLDAP 2.4.41 installation.
In one case I thought to see this but I could not reproduce all the time.
Maybe there's another condition for this to happen.
Could you please also test with release 2.4.41?
And please also post the entry with the password (and relevant pwd* attrs) and
the pwdPolicy entry used, both as LDIF (minus sensitive data).
Ciao, Michael.