--On Thursday, August 19, 2021 1:17 PM -0500 kevin martin
<ktmdms@gmail.com> wrote:
>
>
> we HAD a password history setting with ppolicy to store 10 passwords in
> history, and that worked fine. Now, our policy has changed and only the
> last 4 passwords can't be used but when I try to change to a password
> that I know was not in the last 4 password changes I'm told that the
> password exists in my history. looking at an ldif dump my user has 10
> pwdHistory entries but shouldn't the change in policy cause slapd to only
> look at my last 4 most recent pwdHistory entries, because it's certainly
> not doing so. do I have to dump the ldap into an ldif, remove
> pwdHistory entries, and reload it to make the password history stuff work
> correctly? version of slapd is 2.4.45.
This is <https://bugs.openldap.org/show_bug.cgi?id=8349>
Fixed in OpenLDAP 2.4.48. I strongly advise upgrading to current supported
release for many reasons.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>