2015-03-18 18:21 GMT+01:00 Esther Garcia fulletverde@gmail.com:
Hello,
We have installed an openldap server 2.4.23-34 on RHEL 6.5 with ppolicy enabled.
# Standard, Policies dn: cn=Standard,ou=Policies,dc=test,dc=es cn: Standard description: Standard password policy. pwdAttribute: userPassword pwdCheckQuality: 1 pwdMinLength: 8 pwdLockout: TRUE pwdMustChange: TRUE pwdAllowUserChange: TRUE objectClass: device objectClass: pwdPolicy pwdSafeModify: FALSE pwdFailureCountInterval: 3 pwdGraceAuthNLimit: 0 pwdLockoutDuration: 1200 pwdMaxFailure: 10 pwdMinAge: 10 pwdMaxAge: 31536000 pwdExpireWarning: 0 pwdInHistory: 5
All ppolicy attributtes except pwdInHistory are working. We store passwords encrypted in the directory.
Is there any way to have pwdInHistory attribute working with encrypted passwords stored in the directory?
It won't work if the password modification is done with an encrypted password, or when it is done as rootdn. Are you in one of this case?
Moreover, your version is quite old and you are encouraged to upgrade.
Clément.