Re: password-policy configuration problems: cannot change passwords

Marco Weber wrote:

|ldappasswd -D cn=username,dc=domain,dc=tld -S -W |

|New password: ******** |

|Re-enter new password: ******** |

|Enter LDAP Password: ******** |

|Result: Constraint violation (19) |

|Additional info: Password policy only allows one password value |

I experienced the same issue with slapo-ppolicy in effect. I suspect it's caused if password-hash configuration directive was changed but up to now I did not dig any deeper.

It helps to have some software at hand which sends an appropriate ModifyRequest with MOD_REPLACE userPassword attribute value with updated password hash scheme. After that the Password Modify Extended Operation (like used by ldappasswd) works again.

Ciao, Michael.