Password history check in OpenLDAP not working when I am using SHA-256 password hashing in OpenLDAP.
So I am sending a clear-text password from my Java application to OpenLDAP, and it is storing it in SHA-256 hashed form on its own. Whenever I change the password, OpenLDAP stores the previous password in pwdHistory. There is no problem with that, but when I change the password to the same password that was used previously, it accepts it without throwing any error. I have been struggling to make it work for a few weeks. Please, somebody help me.
My environment details: OpenLDAP 2.4.38 on RHEL 6.
The following is also in slapd.conf:

    include ../etc/openldap/schema/ppolicy.schema
    password-hash {SHA256}
    overlay ppolicy
    ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
    ppolicy_hash_cleartext
My password policy:

    dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
    objectClass: pwdPolicy
    objectClass: person
    objectClass: top
    cn: Default
    sn: Default
    pwdAttribute: userPassword
    pwdMinAge: 0
    pwdInHistory: 5
    pwdFailureCountInterval: 0
    pwdLockout: TRUE
    pwdLockoutDuration: 0
    pwdAllowUserChange: TRUE
    pwdExpireWarning: 0
    pwdGraceAuthNLimit: 0
    pwdMustChange: FALSE
    pwdSafeModify: FALSE
Kindly let me know if I have to give more information to nail down the issue. Please, please, please, someone help me with this. I badly need a solution.
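As an added illustration (not part of the question above, and not OpenLDAP's own code), the following Python script shows what a pwdInHistory check has to do to detect reuse: parse each pwdHistory value (time#syntaxOID#length#hash), hash the new clear-text password with the same scheme, and compare it against the current userPassword and every retained history value. It goes beyond the question by also handling the salted {SSHA256} scheme; the passwords, salt and timestamps are constructed sample data.

```python
import base64
import hashlib

SHA256_DIGEST_LEN = 32  # raw SHA-256 digest size in bytes

def make_sha256_value(password: str) -> str:
    """Unsalted {SHA256} value as stored by the pw-sha2 module: base64 of the raw digest."""
    digest = hashlib.sha256(password.encode()).digest()
    return "{SHA256}" + base64.b64encode(digest).decode()

def make_ssha256_value(password: str, salt: bytes) -> str:
    """Salted {SSHA256} value: base64 of sha256(password + salt) followed by the salt."""
    digest = hashlib.sha256(password.encode() + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode()

def parse_pwd_history(value: str) -> str:
    """Extract the stored hash from one pwdHistory value (time#syntaxOID#length#data)."""
    parts = value.split("#", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed pwdHistory value: {value!r}")
    _time, _syntax_oid, length, stored = parts
    if int(length) != len(stored.encode()):
        raise ValueError("length field does not match the stored hash")
    return stored

def check_password(cleartext: str, stored: str) -> bool:
    """True if cleartext hashes to the stored {SHA256} or {SSHA256} value."""
    if stored.startswith("{SHA256}"):
        digest = base64.b64decode(stored[len("{SHA256}"):])
        return hashlib.sha256(cleartext.encode()).digest() == digest
    if stored.startswith("{SSHA256}"):
        raw = base64.b64decode(stored[len("{SSHA256}"):])
        digest, salt = raw[:SHA256_DIGEST_LEN], raw[SHA256_DIGEST_LEN:]
        return hashlib.sha256(cleartext.encode() + salt).digest() == digest
    raise ValueError(f"unsupported scheme in {stored!r}")

def is_reused(new_password: str, current_hash: str, pwd_history: list) -> bool:
    """Reject if the new clear-text password matches the current userPassword
    or any hash retained in pwdHistory (the reuse condition the policy enforces)."""
    candidates = [current_hash] + [parse_pwd_history(v) for v in pwd_history]
    return any(check_password(new_password, c) for c in candidates)

# Constructed sample: a user whose last two passwords are retained in pwdHistory.
OLD1 = make_sha256_value("Winter2013!")
OLD2 = make_ssha256_value("Spring2014!", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")
SAMPLE_HISTORY = [
    f"20140101000000Z#1.3.6.1.4.1.1466.115.121.1.40#{len(OLD1)}#{OLD1}",
    f"20140401000000Z#1.3.6.1.4.1.1466.115.121.1.40#{len(OLD2)}#{OLD2}",
]
CURRENT_HASH = make_sha256_value("Summer2014!")
```

Running `is_reused("Winter2013!", CURRENT_HASH, SAMPLE_HISTORY)` returns True, while a password not in the history returns False; if slapd accepts a reused password, comparing the stored pwdHistory values with the output of these helpers shows whether the hashes are in the scheme the check expects.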