Tian Zhiying writes:
Is there a feature that OpenLDAP password policy can forbidden user password reuse of the
last 5 password?
Better use kerberos for advanced password policy requirements. You can
use SASL to bridge LDAP's userPassword checking to a kerberos backend so
everything still work and much safer.