yeah, just found that in the CHANGE file for 2.4. thanks. and that's why I had asked the other question about the 2.4 vs 2.5 database format and servers. figured if I have to update anyway (and should, granted) I should do it to 2.5 but didn't necessarily want to take on a weekends worth of work if I could get away with doing it bit by bit over time.

---

Regards,

Kevin Martin

On Thu, Aug 19, 2021 at 12:33 PM Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Thursday, August 19, 2021 1:17 PM -0500 kevin martin
<ktmdms@gmail.com> wrote:

>
>
> we HAD a password history setting with ppolicy to store 10 passwords in
> history, and that worked fine. Now, our policy has changed and only the
> last 4 passwords can't be used but when I try to change to a password
> that I know was not in the last 4 password changes I'm told that the
> password exists in my history. looking at an ldif dump my user has 10
> pwdHistory entries but shouldn't the change in policy cause slapd to only
> look at my last 4 most recent pwdHistory entries, because it's certainly
> not doing so. do I have to dump the ldap into an ldif, remove
> pwdHistory entries, and reload it to make the password history stuff work
> correctly? version of slapd is 2.4.45.

This is <https://bugs.openldap.org/show_bug.cgi?id=8349>

Fixed in OpenLDAP 2.4.48. I strongly advise upgrading to current supported
release for many reasons.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>