Password history check in OpenLDAP not working when I am using SHA-256 password hashing in OpenLDAP.
So I am sending a clear-text password from my Java application to OpenLDAP, and it is storing it in SHA-256 hashed form on its own.
Whenever I change the password, OpenLDAP stores the previous password in pwdHistory.
There is no problem with that, but when I change the password to the same password previously used, it accepts it without throwing any error.
I have been struggling to make this work for a few weeks. Please, somebody help me.
My environment details:
OpenLDAP 2.4.38
RHEL 6
The following details are also in slapd.conf:
include ../etc/openldap/schema/ppolicy.schema
password-hash {SHA256}
overlay ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
ppolicy_hash_cleartext
My password policy:
dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: Default
sn: Default
pwdAttribute: userPassword
pwdMinAge: 0
pwdInHistory: 5
pwdFailureCountInterval: 0
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdAllowUserChange: TRUE
pwdExpireWarning: 0
pwdGraceAuthNLimit: 0
pwdMustChange: FALSE
pwdSafeModify: FALSE
Kindly let me know if I have to give more information to nail down the issue. Please, please, please, someone help me on this. I badly need a solution on this.
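The ppolicy overlay can only refuse a reused password if it can hash the new clear-text value with the scheme of each stored pwdHistory entry and compare the result, so a useful first diagnostic is to pull the pwdHistory values out with ldapsearch and check offline whether they are in a scheme that actually verifies against the old password. The script below is an added example, not part of the question or of OpenLDAP; it implements the pwdHistory value format from the LDAP password-policy draft (time '#' syntaxOID '#' length '#' data), verifies {SHA256}, {SSHA256}, {SHA} and {SSHA} hashes, and reports whether a candidate password would count as a reuse. The sample history values are constructed in the script from known clear-text passwords; the helper names (`verify_hash`, `password_in_history`, etc.) are the example's own.

```python
import base64
import hashlib
import hmac
import os

# OID of the octetString syntax that OpenLDAP records in pwdHistory entries.
OCTET_STRING_OID = "1.3.6.1.4.1.1466.115.121.1.40"


def hash_sha256(password: str) -> str:
    """Unsalted {SHA256}, the scheme selected by 'password-hash {SHA256}'."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{SHA256}" + base64.b64encode(digest).decode("ascii")


def hash_ssha(password: str, salt: bytes = None) -> str:
    """Salted {SSHA}: base64(sha1(password + salt) + salt); salt is appended in clear."""
    salt = salt if salt is not None else os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_hash(password: str, stored: str) -> bool:
    """Return True if 'stored' ({SCHEME}base64) is a hash of 'password'."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("not a {SCHEME}-prefixed hash: %r" % stored)
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    raw = base64.b64decode(b64)
    pw = password.encode("utf-8")
    if scheme == "SHA256":
        return hmac.compare_digest(hashlib.sha256(pw).digest(), raw)
    if scheme == "SSHA256":
        digest, salt = raw[:32], raw[32:]
        return hmac.compare_digest(hashlib.sha256(pw + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    # An unknown scheme can never match; slapd likewise cannot verify it.
    raise ValueError("unsupported scheme {%s}" % scheme)


def parse_history(value: str):
    """Split a pwdHistory value into (timestamp, syntax OID, data)."""
    ts, oid, length, data = value.split("#", 3)
    if int(length) != len(data.encode("utf-8")):
        raise ValueError("pwdHistory length field does not match data")
    return ts, oid, data


def make_history(timestamp: str, hashed: str) -> str:
    """Build a pwdHistory value the way ppolicy records it."""
    return "%s#%s#%d#%s" % (timestamp, OCTET_STRING_OID, len(hashed), hashed)


def password_in_history(password: str, history) -> bool:
    """True if 'password' matches any verifiable pwdHistory entry (a reuse)."""
    for value in history:
        _, _, data = parse_history(value)
        try:
            if verify_hash(password, data):
                return True
        except ValueError:
            # Unverifiable scheme: treat as no match, mirroring a failed compare.
            continue
    return False


# Constructed sample history: two earlier passwords, one {SHA256}, one {SSHA}.
SAMPLE_HISTORY = [
    make_history("20231201120000Z", hash_sha256("Winter2023!")),
    make_history("20240301120000Z", hash_ssha("Spring2024!", b"s@lt")),
]

if __name__ == "__main__":
    for candidate in ("Winter2023!", "Spring2024!", "Summer2024!"):
        print(candidate, "reuse" if password_in_history(candidate, SAMPLE_HISTORY) else "ok")
```

To use it against a live directory, run `ldapsearch -x -D <admin DN> -W -b <user DN> pwdHistory` and feed the returned values to `password_in_history`; if a known old password is not detected, the stored scheme is not one the server can verify and the history check will never fire.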