I've used slapppasswd. The password was something like: {SSHA}xxxxxxxxxxxxxxxx
Some time ago, before having applied the password policy settings, i've changed the olcPasswordHash FROM {MD5} to {SSHA}. Almost all users should now have {SSHA} passwords.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Donnerstag, 27. Oktober 2011 09:20 To: Marco Weber Cc: openldap-technical@openldap.org Subject: Re: password-policy configuration problems: cannot change passwords
Marco Weber wrote:
Ok, I've changed the password: ldapmodify -D cn=username,dc=domain,dc=tld -W dn: cn=username,dc=domain,dc=tld changetype: modify replace: userPassword userPassword: TheNewValue
then i tried to change the password using ldappasswd: ldappasswd -D cn=username,dc=domain,dc=tld -S -W New password: Re-enter new password: Enter LDAP Password: Result: Constraint violation (19) Additional info: Password policy only allows one password value
What was TheNewValue? If you have password-hash {SSHA} this has to be a pre-hashed password. Use slappasswd to generate one.
Ciao, Michael.