Hi,
I think I found the reason why changing the password didn't work, and I think it's a bug.
If the password policy overlay is used, slapd needs to be restarted every time the olcPasswordHash parameter changes.
For example, change the olcPasswordHash from {SHA} to {SSHA}. Changing the password via ldappasswd now causes the error mentioned below. Just restart slapd and the password can be changed again by ldappasswd.
Change the olcPasswordHash back from {SSHA} to {SHA} and ldappasswd can't change the password until slapd is restarted once more.
Changing the olcPasswordHash and immediately changing it back without a restart doesn't work either.
Regards Joke
On Thursday 13 June 2013 23:40:37 you wrote:
Hi,
I activated the password policy overlay, but every time I try to update the password using ldappasswd I get this error message:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
Result: Constraint violation (19)
Additional info: Password policy only allows one password value
The user account has its attribute pwdPolicySubentry set to the policy listed below. The original account had multiple userPassword values with different hashes, but deleting every userPassword attribute but the last one didn't help. Deleting all userPassword attributes didn't work either. ldappasswd always returns the error.
Any idea what causes the problem or what setting to check?
Regards Joke
dn: cn=person,ou=policies,dc=seiken,dc=de
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: person
pwdAttribute: userPassword
sn: -none-
description: password policy designed for real people logins
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 2592000
pwdFailureCountInterval: 5
pwdGraceAuthNLimit: 3
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 3600
pwdMaxAge: 7776000
pwdMaxFailure: 60
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: TRUE
pwdSafeModify: FALSE
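
Added example, not part of the thread and not OpenLDAP code: a small Python audit over an LDIF export that lists accounts holding more than one userPassword value, or a value whose hash scheme differs from the configured olcPasswordHash, the two conditions discussed in this thread. The sample entries, the placeholder digests and the names `parse_passwords` and `audit` are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export (not from the thread); digests are placeholders.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SHA}placeholderDigestA="),
    "userPassword:: " + _b64("{SSHA}placeholderDigestB="),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SSHA}placeholderDigestC="),
])

def parse_passwords(ldif_text):
    """Map each dn to its userPassword values (handles base64 and folded lines)."""
    entries, dn = {}, None
    for line in re.sub(r"\n ", "", ldif_text).splitlines():
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
            entries[dn] = []
        elif attr.lower() == "userpassword" and dn is not None:
            entries[dn].append(value)
    return entries

def audit(ldif_text, expected_scheme="{SSHA}"):
    """Return {dn: [issues]}: extra userPassword values or an unexpected scheme."""
    findings = {}
    for dn, values in parse_passwords(ldif_text).items():
        issues = []
        if len(values) > 1:
            issues.append("multiple userPassword values (%d)" % len(values))
        for value in values:
            match = SCHEME_RE.match(value)
            scheme = "{%s}" % match.group(1).upper() if match else "cleartext"
            if scheme != expected_scheme:
                issues.append("scheme %s, expected %s" % (scheme, expected_scheme))
        if issues:
            findings[dn] = issues
    return findings
```

Run `audit()` on the output of an export such as `slapcat` and pass the scheme currently set in olcPasswordHash as `expected_scheme`.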