2015-03-19 12:28 GMT+01:00 Esther Garcia fulletverde@gmail.com:
Hi Clément,
Thanks for your fast reply.
Users change their passwords from a client using the passwd command.
For example, we can see the pwdHistory entries for this test user:
dn: uid=test1,ou=People,dc=test,dc=es
structuralObjectClass: account
entryUUID: 555c6cda-42b1-1031-9c5a-c117d5dee54e
creatorsName: cn=Administrador,dc=test,dc=es
createTimestamp: 20120604165154Z
pwdHistory: 20150318163116Z#1.3.6.1.4.1.1466.115.121.1.40#41#{crypt}$1$V1b0jbs
 R$lT.LD2PFakjfgg9d/BP2gY/
pwdHistory: 20150318163144Z#1.3.6.1.4.1.1466.115.121.1.40#41#{CRYPT}$1$AdfsWnq
 p$6haOPh3AM6McehZPwwqig0
pwdHistory: 20150318163236Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}LVhNB455UYC
 O8nljcwf7KVqOkjsDgUdjf
pwdHistory: 20150318163324Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}YBWieVAaj6s
 QcrQNAqT7i2kmebQ2+k5s
pwdHistory: 20150318163348Z#1.3.6.1.4.1.1466.115.121.1.40#41#{crypt}$1$C5F1iK2
 y$0jk2K8skjjoKhGsBN5JUdsM1
pwdChangedTime: 20150318163348Z
entryCSN: 20150318163348.185046Z#000000#001#000000
modifiersName: uid=test1,ou=People,dc=test,dc=es
modifyTimestamp: 20150318163348Z
entryDN: uid=test1,ou=People,dc=test,dc=es
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
In this example, the pwdHistory entries with {CRYPT} passwords belong to the passwords changed by the user from the client (using the passwd command). And the entries with {SSHA} passwords belong to passwords changed from the LDAP server by the admin user.
You should configure your client not to crypt the password. See the pam_password parameter in the PAM LDAP configuration.
Clément.
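
An added example, not part of the original thread: a small Python audit that reads pwdHistory values (time#syntaxOID#length#data) from ldapsearch output and lists the entries whose hash scheme differs from the one the server applies, which is how the client-hashed {CRYPT} entries above stand out. The sample entry and hash values are constructed, and the SSHA default is an assumption taken from the admin-set entries in the thread.

```python
import re

# Constructed sample: ldapsearch-style LDIF, long values folded onto
# continuation lines that start with one space. Hash values are made up.
SAMPLE_LDIF = """\
dn: uid=demo,ou=People,dc=example,dc=org
pwdHistory: 20150101000000Z#1.3.6.1.4.1.1466.115.121.1.40#41#{crypt}$1$abcdef
 gh$ABCDEFGHIJKLMNOPQRSTU.
pwdHistory: 20150102000000Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}0123456789A
 BCDEFGHIJKLMNOPQRSTUV
pwdChangedTime: 20150102000000Z
"""


def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)


def parse_pwd_history(ldif):
    """Return one dict per pwdHistory value: time, scheme, length check.

    Base64-encoded values ("pwdHistory:: ...") are not handled here.
    """
    entries = []
    for line in unfold(ldif).splitlines():
        if not line.startswith("pwdHistory: "):
            continue
        # Layout is time#syntaxOID#length#data; split only three times so
        # a '#' inside the stored password data is preserved.
        time, _oid, length, data = line[len("pwdHistory: "):].split("#", 3)
        m = re.match(r"\{([^}]+)\}", data)
        scheme = m.group(1).upper() if m else "CLEARTEXT"
        entries.append({"time": time, "scheme": scheme,
                        "length_ok": int(length) == len(data)})
    return entries


def client_hashed(entries, server_scheme="SSHA"):
    """Times of entries not stored under the server's scheme (assumed SSHA)."""
    return [e["time"] for e in entries if e["scheme"] != server_scheme]


if __name__ == "__main__":
    history = parse_pwd_history(SAMPLE_LDIF)
    for e in history:
        print(e["time"], e["scheme"], "length ok" if e["length_ok"] else "length MISMATCH")
    print("hashed before reaching the server:", client_hashed(history))
```

A length mismatch after unfolding usually means the LDIF was re-wrapped or truncated in transit rather than that the directory holds a bad value.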