Hello all,
I'm working on Self-service application and want to prevent user from
re-using old passwords. What is correct way to chage password takin in mind
password history?
I guess it is:
1. Bind with special user and check if specified uid exists
2. Bind using user-supplied uid and password
3. Get password policy, history etc. and validate on selfservice-side
4. Execute LDAP modifyRequest with single item: userPassword and value of
new hashed password.
In my case same password gives same hash. Are there any way to force
encrypted password history validation on server side?
Thank you.
--
Bogdan Rudas
Head of Minsk IT Support Department
Exadel Inc.
http://www.exadel.com/
E-mail: brudas(a)exadel.com <mandrushkevich(a)exadel.com>
Skype ID: bogdan.rudas
--
CONFIDENTIALITY NOTICE: This email and files attached to it are
confidential. If you are not the intended recipient you are hereby notified
that using, copying, distributing or taking any action in reliance on the
contents of this information is strictly prohibited. If you have received
this email in error please notify the sender and delete this email.