I think what you want to do to get the passwordhistory attribute is something like the below command as I think they are considered operational attributes.
ldapsearch -H ldap://ldap.mydomain.com -x -s base -b "" + # note the + returns operational attributes Hope that helps on one part of your question. On 10/26/2011 10:27 AM, Mazier Alexandre wrote: > [Apologize for my English] > > Hello > > I’m trying to set up a password policy for my users. Especially, I set a > password history value of 6. > > In case of a password recovery process, I want to give to the > administrator to restore the password to a default value which is > equally the value used for the account creation. The problem at this > time is obvious: the password change is refused since the default > password is already in the history. Is there any way to force the > password restauration? > > Furthermore, I have some questions with about the way password history > is working. > > I can see through 389-console that users have a multi-valued attributes > passwordhistory. However I’m unable to get it with a command line > ldapsearch request. How can I obtain this password history list? > > Maybe for the same reason, if I delete the passwordhistory attribute and > try to restore the password to its initial value, I always obtain an > exception due to the presence of the password in the history. > > Those points are not clearly referenced in the documentation. Thanks a > lot for your help. > > Regards, > > *Alexandre MAZIER* > Intervenant > > GIP CPAGE > Parc Technologique de la Toison d'Or > 19 rue Louis de Broglie BP 56507 > 21065 DIJON Cedex > Tél : 03 80 28 46 46 > Fax : 03 80 28 46 01 > > Mailto:[email protected] <mailto:[email protected]> > > P Avant d'imprimer cet e-mail, si nous réfléchissions à l'impact sur > l'environnement ? > > Les données et renseignements contenus dans ce message sont personnels, > confidentiels et secrets. Si vous n'êtes pas destinataire de ce message, > merci de le détruire immédiatement et d'avertir l'expéditeur. Le GIP > CPAGE décline toute responsabilité au titre de ce message s'il a été > altéré, déformé ou falsifié. > > The information contained in this message is privileged, confidential, > and protected from disclosure. If you are not intended addressee of this > message, please cancel it immediately and inform the sender. GIP CPAGE > shall not be liable for the message if altered, changed or falsified. > > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
