We HAD a password history setting with ppolicy to store 10 passwords in history, and that worked fine. Now, our policy has changed and only the last 4 passwords can't be used, but when I try to change to a password that I know was not in the last 4 password changes, I'm told that the password exists in my history. Looking at an LDIF dump, my user has 10 pwdHistory entries, but shouldn't the change in policy cause slapd to only look at my last 4 most recent pwdHistory entries? Because it's certainly not doing so. Do I have to dump the LDAP into an LDIF, remove pwdHistory entries, and reload it to make the password history stuff work correctly? Version of slapd is 2.4.45.
---


Regards,

Kevin Martin