Hugo Etievant wrote:
If you display the extended information sent back in the LDAP error return, you should see a message like this "password in history"Hi,I have setted a password policy with password history.When i use ldappasswd for change password, this tool says me "Constraint violation" but that do not mean the real raison of failure.=>>> How can we verify if a password is in the history list ???
my follwing command is not successful :ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x -w - "(passwordHistory=OLDPASSWD)" dn
passwordHistory stores hashed passwords so this ldapsearch won't workI suppose you could use ldapsearch to get the passwordHistory list, then write a script to use the pwdhash command to hash and compare a given password with the passwords in the list.
regards
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
