Which user are you setting the password with? Remember that the "Admin" user is not subject to the policy.
> On Jun 9, 2014, at 9:42 AM, "scor z" <[email protected]> wrote:
>
> Password History check in openldap is not working when I am using SHA-256
> password hashing in openldap.
>
> So I am sending clear text password from my java application to openLDAP and
> it is storing it in SHA-256 hashed form on its own.
> Whenever I am changing password, openLDAP is storing the previous password in
> pwdHistory.
> There is no problem in that, but when I am changing password to the same
> password previously used it is accepting it without throwing any error.
> I have been struggling to make it work for a few weeks. Please somebody help me.
>
> My environment details:
> OpenLDAP 2.4.38
> RHEL 6
>
> Following details are also mentioned in slapd.conf
>
> include ../etc/openldap/schema/ppolicy.schema
> password-hash {SHA256}
> overlay ppolicy
> ppolicy_default "cn=default,ou=pwdpolicies,dc=my-domain,dc=com"
> ppolicy_hash_cleartext
>
> my password policy:
> dn: cn=Default,ou=pwdpolicies,dc=my-domain,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> cn: Default
> sn: Default
> pwdAttribute: userPassword
> pwdMinAge: 0
> pwdInHistory: 5
> pwdFailureCountInterval: 0
> pwdLockout: TRUE
> pwdLockoutDuration: 0
> pwdAllowUserChange: TRUE
> pwdExpireWarning: 0
> pwdGraceAuthNLimit: 0
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
>
> Kindly let me know if I have to give more information to nail down the
> issue. Please Please Please someone help me on this. I badly need a
> solution on this.
