Hugo Etievant wrote:
> Hi,
> I have set a password policy with password history.
> When I use ldappasswd to change a password, the tool tells me
> "Constraint violation", but that does not give the real reason for the failure.
> =>>> How can we verify if a password is in the history list ???

If you display the extended information sent back in the LDAP error
return, you should see a message like this: "password in history".

> My following command is not successful:
> ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x -w - "(passwordHistory=OLDPASSWD)" dn

passwordHistory stores hashed passwords, so this ldapsearch won't work.

I suppose you could use ldapsearch to get the passwordHistory list, then
write a script to use the pwdhash command to hash and compare a given
password with the passwords in the list.
regards
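
A sketch of the comparison script suggested above, as an added example that is not part of the original thread. It does the comparison itself for salted SHA-1 ({SSHA}) values instead of calling pwdhash; the value layout (a timestamp followed by {SSHA}base64), the function names and the sample entry are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, re
# Assumed value layout: optional GeneralizedTime stamp, then {SCHEME}base64.
VALUE_RE = re.compile(r"^(?:\d{14}Z)?\{(SSHA|SHA)\}(.+)$")

def make_ssha(password, salt):  # only used to construct the sample data
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def matches(candidate, stored):
    """True if candidate hashes to the stored {SSHA}/{SHA} history value."""
    m = VALUE_RE.match(stored.strip())
    if not m:
        return False  # unknown scheme or layout: cannot compare
    try:
        raw = base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return False
    if len(raw) < 20:
        return False
    # SHA-1 digest is 20 bytes; anything after it is the salt ({SHA} has none).
    digest, salt = raw[:20], raw[20:]
    calc = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def history_values(ldif_text):
    """Yield passwordHistory values from unfolded LDIF text."""
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "passwordhistory":
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode()
        yield value.strip()

def in_history(candidate, ldif_text):
    return any(matches(candidate, v) for v in history_values(ldif_text))

# Constructed sample entry (not real data); salts are fixed for repeatability.
_old1 = "20240101000000Z" + make_ssha("Winter2023!", b"\x01\x02\x03\x04")
_old2 = "20230601000000Z" + make_ssha("Spring2023!", b"\x05\x06\x07\x08")
SAMPLE_LDIF = (
    "dn: uid=test,ou=UNIT,dc=HOST,dc=COM\n"
    f"passwordHistory: {_old1}\n"
    f"passwordHistory:: {base64.b64encode(_old2.encode()).decode()}\n"
)

if __name__ == "__main__":
    for pw in ("Winter2023!", "Spring2023!", "NeverUsed1"):
        print(pw, "in history:", in_history(pw, SAMPLE_LDIF))
```

Because the scheme is salted, hashing the candidate again and comparing strings fails; the stored salt has to be reused, which is why the comparison is done on the decoded bytes.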