yeah, just found that in the CHANGE file for 2.4. thanks. and that's why I had asked the other question about the 2.4 vs 2.5 database format and servers. figured if I have to update anyway (and should, granted) I should do it to 2.5 but didn't necessarily want to take on a weekend's worth of work if I could get away with doing it bit by bit over time.
---
Regards,
Kevin Martin
On Thu, Aug 19, 2021 at 12:33 PM Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Thursday, August 19, 2021 1:17 PM -0500 kevin martin <ktmdms@gmail.com> wrote:
we HAD a password history setting with ppolicy to store 10 passwords in history, and that worked fine. Now, our policy has changed and only the last 4 passwords can't be used but when I try to change to a password that I know was not in the last 4 password changes I'm told that the password exists in my history. looking at an ldif dump my user has 10 pwdHistory entries but shouldn't the change in policy cause slapd to only look at my last 4 most recent pwdHistory entries, because it's certainly not doing so. do I have to dump the ldap into an ldif, remove pwdHistory entries, and reload it to make the password history stuff work correctly? version of slapd is 2.4.45.
This is https://bugs.openldap.org/show_bug.cgi?id=8349
Fixed in OpenLDAP 2.4.48. I strongly advise upgrading to current supported release for many reasons.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
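
An added example, not part of the thread and not OpenLDAP code: a read-only audit of an LDIF dump that lists which entries still hold more pwdHistory values than the current policy keeps, which is the situation described above on 2.4.45. It assumes slapcat-style LDIF input and the pwdHistory value layout time#syntaxOID#length#data from the ppolicy draft; the function names, DNs and hashes are constructed for illustration.

```python
import base64

# Constructed sample in slapcat-style LDIF; hashes are placeholders, not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdHistory: 20200101000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}aa1
pwdHistory: 20200401000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}aa2
pwdHistory: 20200701000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}aa3
pwdHistory: 20201001000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}aa4
pwdHistory: 20210101000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SS
 HA}aa5
pwdHistory: 20210401000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}aa6

dn: uid=bob,ou=people,dc=example,dc=com
pwdHistory: 20210301000000Z#1.3.6.1.4.1.1466.115.121.1.40#9#{SSHA}bb1
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; unfolds continuation lines, decodes '::' base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # RFC 2849 line folding
        else:
            lines.append(raw)
    attrs = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in attrs:
                yield attrs["dn"][0], attrs
            attrs = {}
        elif not line.startswith("#"):      # skip LDIF comments
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")
            value = (base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                     if b64 else rest.strip())
            attrs.setdefault(name.lower(), []).append(value)

def over_limit(ldif_text, pwd_in_history):
    """Map DN -> timestamps of stored pwdHistory values beyond the newest pwd_in_history."""
    report = {}
    for dn, attrs in parse_ldif(ldif_text):
        # GeneralizedTime stamps in the same UTC format sort correctly as strings.
        stamps = sorted((v.split("#", 1)[0] for v in attrs.get("pwdhistory", [])), reverse=True)
        if len(stamps) > pwd_in_history:
            report[dn] = stamps[pwd_in_history:]
    return report

print(over_limit(SAMPLE_LDIF, 4))
```
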