Yeah, just found that in the CHANGE file for 2.4. Thanks. And that's why I had asked the other question about the 2.4 vs 2.5 database format and servers. Figured if I have to update anyway (and should, granted) I should do it to 2.5, but didn't necessarily want to take on a weekend's worth of work if I could get away with doing it bit by bit over time.



Kevin Martin

On Thu, Aug 19, 2021 at 12:33 PM Quanah Gibson-Mount wrote:

--On Thursday, August 19, 2021 1:17 PM -0500 kevin martin wrote:

> We HAD a password history setting with ppolicy to store 10 passwords in
> history, and that worked fine.  Now, our policy has changed and only the
> last 4 passwords can't be used but when I try to change to a password
> that I know was not in the last 4 password changes I'm told that the
> password exists in my history.  Looking at an ldif dump my user has 10
> pwdHistory entries but shouldn't the change in policy cause slapd to only
> look at my last 4 most recent pwdHistory entries, because it's certainly
> not doing so.  Do I have to dump the ldap into an ldif, remove
> pwdHistory entries, and reload it to make the password history stuff work
> correctly?  Version of slapd is 2.4.45.

This is <>

Fixed in OpenLDAP 2.4.48.  I strongly advise upgrading to current supported
release for many reasons.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
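
The state described in the question (more stored pwdHistory values than the policy's current pwdInHistory) can be confirmed from an LDIF dump before and after upgrading. The script below is an example added here, not part of the thread or of OpenLDAP; the function names and sample data are constructed. It assumes pwdHistory values use the time#syntaxOID#length#data layout with timestamps in one uniform format.

```python
import base64

OID = "1.3.6.1.4.1.1466.115.121.1.40"  # Octet String syntax OID carried in each value

def build_sample():
    """Constructed LDIF (not from the thread): alice has 6 history values, bob has 3."""
    def hist(month):
        return f"2021{month:02d}01120000Z#{OID}#8#{{SSHA}}x{month}"  # placeholder hash
    alice = ["dn: uid=alice,ou=people,dc=example,dc=com"]
    alice += [f"pwdHistory: {hist(m)}" for m in (3, 1, 6, 2, 5)]
    alice.append("pwdHistory:: " + base64.b64encode(hist(4).encode()).decode())
    bob = ["dn: uid=bob,ou=people,dc=example,dc=com"]
    bob += [f"pwdHistory: {hist(m)}" for m in (1, 2, 3)]
    return "\n".join(alice) + "\n\n" + "\n".join(bob) + "\n"

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, unfolding lines and decoding '::' values."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = []
        for raw in block.split("\n"):
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # continuation of a folded line
            elif raw:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            if line.startswith("#"):          # LDIF comment
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):          # base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.lstrip(" ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def audit_history(ldif_text, pwd_in_history):
    """Map each over-limit DN to (newest N timestamps, older leftover timestamps)."""
    report = {}
    for dn, attrs in parse_ldif(ldif_text):
        # Each value is time#syntaxOID#length#data; only the time is needed here.
        stamps = sorted((v.split("#", 1)[0] for v in attrs.get("pwdhistory", [])), reverse=True)
        if len(stamps) > pwd_in_history:
            report[dn] = (stamps[:pwd_in_history], stamps[pwd_in_history:])
    return report

if __name__ == "__main__":
    for dn, (kept, excess) in audit_history(build_sample(), 4).items():
        print(f"{dn}: {len(kept)} within policy, {len(excess)} older values still stored")
```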